How to temporarily disable XSS protection in modern browsers for testing?

一向 2021-01-31 08:35

Is it possible to temporarily disable the XSS protection found in modern browsers for testing purposes?

I'm trying to explain to a co-worker what happens when one sends

7 answers
  • 2021-01-31 08:56

    I know this doesn't fix it but it may just need a message on the sites for now until Google fixes it. Something like, "If using Chrome you may experience....". I found that even though I get the error screen, the content does in fact go in the database. I just hit back to get back into the site. Then go to the dashboard and it is there. Pain in the ass but it is a workaround that doesn't need to set sites back.

  • 2021-01-31 08:57

    Is use of disable argument temporary? In limited testing it seems permanent. XSS-Auditor remains disabled in Chrome windows started without any xss-auditor argument. To turn back on use "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --enable-xss-auditor

  • 2021-01-31 08:59

    In Chrome there is a flag with which you can start the browser. If you start the browser with this flag, you can do what you want:

    --disable-web-security 
    
  • 2021-01-31 09:00

    For the convenience of those who don't know....

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --args --disable-web-security

    Use the above as the path of the shortcut

  • 2021-01-31 09:04

    If you only want to disable XSS you should use --disable-xss-auditor. A complete argument would be something like:

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-xss-auditor

    Make sure all chrome.exe processes are killed before running the command or it will have no effect. You can also pass more arguments if you wish, for example I often use a proxy argument because I don't want to enable a proxy for my entire system.

    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-xss-auditor --proxy-server=127.0.0.1:8080

  • 2021-01-31 09:08

    You do not need to disable XSS protection.

    If you cannot load your page, it is because your "testing" has discovered a fault you need to fix.

    If you have no faults in your page, you will not be blocked by XSS.

    Fix your HTML so it properly "escapes" all input data from the URL, and you will not see XSS warnings.

    It is better to not disable this, because Chrome is better at looking through your HTML source for those errors than your eyeballs are!

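The last answer's advice, escaping input taken from the URL before it is written into HTML, shown as an added example that is not part of the original thread. The `/search` page, its `q` parameter and the sample URLs are constructed for illustration, and the escaping covers HTML text and quoted attribute values only.

```javascript
// Added example: not code from the thread. Page, parameter and URLs are hypothetical.

// Characters that are significant in HTML text and in quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass replacement, so an already-produced "&amp;" is never escaped twice.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Reflects the "q" query parameter verbatim: the fault the last answer refers to.
function renderUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Same page with the parameter escaped in both places it is written.
function renderEscaped(requestUrl) {
  const q = escapeHtml(new URL(requestUrl).searchParams.get('q') ?? '');
  return `<p>Results for ${q}</p><input name="q" value="${q}">`;
}

// Constructed sample requests: benign text, a markup test string,
// and a value that tries to close the attribute quote.
const SAMPLE_URLS = [
  'http://localhost:8000/search?q=tea+%26+coffee',
  'http://localhost:8000/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E',
  'http://localhost:8000/search?q=%22+onfocus%3D%22alert(1)',
];

// Render every sample both ways so the outputs can be compared side by side.
function compare(urls) {
  return urls.map((u) => ({ unsafe: renderUnsafe(u), escaped: renderEscaped(u) }));
}

for (const row of compare(SAMPLE_URLS)) {
  console.log('unsafe :', row.unsafe);
  console.log('escaped:', row.escaped);
}
```
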