本文介绍了Chromium的XSS审计员拒绝执行脚本的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

这是Chrome Inspector的消息:

...我的笔记本上有几个网站坐在本地主机上,我使用它作为我工作流程的一个重要部分,在最近几天,Chrome更新了某些内容后,所有网站的textareas的内容都不会被保存到文件中。



保存编辑的代码被统一破解;我输入新文本,在 save 和我的浏览器上单击
,而不是在脚本
中为我正在工作的网页执行文件〜编写子例程,只需打开一个新文件空白页。如果我点击后面的
按钮,textarea仍会显示新添加的内容,但是在文件中,不会添加任何
更改。 >解决方案

如果您想要让Chrome禁用其XSS保护功能,您可以发送 X-XSS-Protection 0 的值。由于您似乎正在使用PHP,因此您可以将其添加到某处,以便在输出任何内容之前始终执行此操作:


$ b

 标题(X-XSS-Protection:0); 


This is a message from the Chrome Inspector:

... I have a couple dozen websites sitting on localhost on my notebook which I use for a big part of my workflow, and in the last couple days, after an updated Chrome changed something, pretty much all the websites' textareas' content is not being saved to file anymore.

The code which was saving edits I made, is uniformly broken; I enter new text, clickon save and my browser, instead of executing the file~writing subroutines in the scriptfor the webpage I am working in, simply opens a new blank page. If I then hit the backbutton, the textarea still shows the freshly added content, but in the file, no changesare being appended.

解决方案

If you'd like to tell Chrome to disable its XSS protection, you can send an X-XSS-Protection header with a value of 0. Since you appear to be using PHP, you'd add this somewhere where it'll always be executed before any content has been output:

header("X-XSS-Protection: 0");

这篇关于Chromium的XSS审计员拒绝执行脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-15 22:51