Chromium's XSS auditor refused to execute a script

闹比i 2020-12-05 00:25

This is a message from the Chrome Inspector:

The XSS Auditor refused to execute a script in http://localhost/Disposable Working NOTAS.php

3 answers
  • 2020-12-05 01:00

    I encountered exactly the same issue when I was studying XSS recently. The screenshot below shows a PHP way to bypass the Chrome XSS Auditor.

    Just add -- header("X-XSS-Protection: 0");


  • 2020-12-05 01:01

    If you are getting blocked by XSS Auditor, you should check whether your code has an XSS vulnerability or not before simply disabling it.

    If you're getting blocked by XSS Auditor, there's a decent chance you have an XSS vulnerability and just didn't realize it. If you simply disable the XSS Auditor, you will remain vulnerable: it's treating the symptoms, rather than the underlying illness (the root cause).

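The root-cause fix that answer points to, as an added example that is not part of the original thread: the auditor fired when script text sent in the request reappeared in the response, so the repair is to encode request data on output rather than to switch the filter off. The `note` parameter, the function names and the page layout are assumptions, since the question does not show the contents of the PHP file.

```php
<?php
// Added example: hypothetical notes page. The "note" parameter and all
// function names are assumptions, not code from the thread.

// Encode a value for use in HTML body text or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// BEFORE (vulnerable): request data is concatenated into the markup verbatim,
// so any markup in the request becomes markup in the response. This is the
// reflection pattern the XSS Auditor reacted to.
function render_note_vulnerable(string $note): string
{
    return '<p>Last note: ' . $note . '</p>';
}

// AFTER (hardened): the same value is HTML-encoded at the point of output,
// so the browser renders it as text and never parses it as a script.
function render_note_hardened(string $note): string
{
    return '<p>Last note: ' . h($note) . '</p>';
}

// Constructed sample input, used only when the file is run from the CLI.
$sample = '<script>alert(1)</script>';

if (PHP_SAPI === 'cli') {
    // Print both renderings side by side for comparison.
    echo render_note_vulnerable($sample), PHP_EOL;
    echo render_note_hardened($sample), PHP_EOL;
} else {
    // Headers must be sent before any output.
    header('Content-Type: text/html; charset=UTF-8');
    // Defence in depth: this policy disallows inline scripts even if an
    // encoding step is missed somewhere else on the page.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
    header('X-Content-Type-Options: nosniff');

    // Accept only a scalar string; array-valued parameters are ignored.
    $note = isset($_POST['note']) && is_string($_POST['note']) ? $_POST['note'] : '';
    echo render_note_hardened($note);
}
```

Chrome removed the XSS Auditor in version 78, so output encoding and a Content-Security-Policy are the controls that remain in current browsers.
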
  • 2020-12-05 01:06

    If you'd like to tell Chrome to disable its XSS protection, you can send an X-XSS-Protection header with a value of 0. Since you appear to be using PHP, you'd add this somewhere where it'll always be executed before any content has been output:

    header("X-XSS-Protection: 0");
    