Disable Webkit Browser XSS Protection
The Chrome XSS prevention feature can trigger false positives on some vBulletin boards.
This occurs when people make posts that contain references to JS files that vBulletin uses. Chrome detects that the content of the post contains the same scripts that the resulting page intends to run and disallows the load (this occurs even if the post escapes the scripts properly so they cannot be interpreted as code). Chrome are aware of the problem, but do not intend to provide a fix.
The only workaround is to disable the XSS prevention feature in Chrome, which can be done via an HTTP header. Since the actual occurrence of this problem appears to be quite limited, this is considered to be too drastic of an action for general use. We have therefore decided to make this small product available that causes vBulletin to emit the header (for admins who are affected). Simply download and install as you would for any product.
While released for the 4.x series, this should also work on vB 3.6, 3.7 & 3.8.
For reference see:
http://tracker.vbulletin.com/browse/VBIV-13539
http://tracker.vbulletin.com/browse/VBIV-13499
|
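
Why a correctly escaped post can still trip the filter, as an added example that is not part of the original post and is not Chrome's actual implementation: a simplified model that blocks any script tag in the response whose text also appears verbatim in the request, and skips the check when the response carries `X-XSS-Protection: 0`. The script path, post text and function names are constructed for illustration.

```javascript
// Simplified model of a reflected-XSS filter. NOT Chrome's actual code.
// Assumption: a <script ...> tag in the response is blocked when the same tag
// text appears verbatim in the (already URL-decoded) request body.

// Constructed sample: a script the board includes on every page.
const BOARD_SCRIPT =
  '<script type="text/javascript" src="clientscript/vbulletin_global.js"></script>';

// Escape post text before echoing it into HTML, as the forum does.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Page returned after a post is submitted: board script plus the escaped post.
function renderPage(postText) {
  return '<html><head>' + BOARD_SCRIPT + '</head><body><div class="post">' +
    escapeHtml(postText) + '</div></body></html>';
}

// Opening <script> tags that would really execute in the rendered page.
function liveScriptTags(html) {
  return html.match(/<script\b[^>]*>/gi) || [];
}

// Look up a response header case-insensitively.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : headers[key];
}

// Model of the filter's decision for one request/response pair.
function auditResponse(requestBody, responseHeaders, responseHtml) {
  const setting = (getHeader(responseHeaders, 'X-XSS-Protection') || '1').trim();
  if (setting.startsWith('0')) return { enabled: false, blocked: [] };
  const blocked = liveScriptTags(responseHtml).filter((tag) => requestBody.includes(tag));
  return { enabled: true, blocked };
}

// Constructed post: a member pastes the board's own script tag as text.
const post = 'My page source shows ' + BOARD_SCRIPT + ' in the head.';
const page = renderPage(post);
console.log(liveScriptTags(page).length);   // the escaped copy in the post is not live
console.log(auditResponse(post, {}, page)); // default setting: the board's script is blocked
console.log(auditResponse(post, { 'X-XSS-Protection': '0' }, page)); // filter disabled
```

With the header set, the model skips the check for every request, so output escaping is the only remaining protection against reflected script.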
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications that enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80.5% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
http://en.wikipedia.org/wiki/Cross-site_scripting
So adding this could, in theory, make your site less secure?!
|
Freddie's response
Quote:
Quote:
|
The response from the chromium dev seems utter nonsense. Of course vBulletin users copy content from vBulletin. It's called quoting. The guy must live under a rock.
|
wow. wasn't aware of that. Thanks
|