Mou*_*Man 27 google-chrome chromium
这是来自Chrome Inspector的消息:
XSS Auditor拒绝执行脚本,
http://localhost/Disposable Working NOTAS.php因为它的源代码是在请求中找到的.审核员已启用,因为服务器既未发送"X-XSS-Protection"也未发送"Content-Security-Policy"标头.
... I have a couple dozen websites sitting on localhost on my notebook which I use for a big part of my workflow, and in the last couple days, after an updated Chrome changed something, pretty much all the websites' textareas' content is not being saved to file anymore.
The code which was saving edits I made, is uniformly broken; I enter new text, click on save and my browser, instead of executing the file~writing subroutines in the script for the webpage I am working in, simply opens a new blank page. If I then hit the back button, the textarea still shows the freshly added content, but in the file, no changes are being appended.
ick*_*fay 46
如果您想告诉Chrome禁用其XSS保护,您可以发送X-XSS-Protection值为的标头0.由于您似乎正在使用PHP,因此您需要在输出任何内容之前将其添加到始终执行的位置:
header("X-XSS-Protection: 0");
D.W*_*.W. 17
如果您被XSS Auditor阻止,您应该在禁用之前检查您的代码是否存在XSS漏洞.
如果您被XSS Auditor阻止,那么您有可能遇到XSS漏洞并且没有意识到这一点.如果您只是禁用XSS Auditor,您将仍然容易受到攻击:它正在治疗症状,而不是基础疾病(根本原因).
| 归档时间: |
|
| 查看次数: |
43352 次 |
| 最近记录: |