0 votes
79 views

Problem:

My working PHP page with an iframe inside suddenly stopped working and started giving the following error:
chrome detected unusual code on this page and blocked it to protect your personal information
6 5 3
6,930 points

2 Answers

0 votes

Solution :

I had faced the same issue recently.
After doing a lot of research, I found the solution to this issue.

I found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block'

So the fastest solution according to me is to disable X-XSS-Protection by sending just a value of 0 from the server.

Following is an example of how to do it from PHP:

header("X-XSS-Protection: 0");

9 7 4
38,600 points
0 votes

Solution:

After searching the web, I found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block' (reference).

So the latest solution (and the one requiring the least change in code) is to disable X-XSS-Protection by sending a value of 0 from the server.

Here is how to do it from PHP:

header("X-XSS-Protection: 0");

This is caused by a webpage displaying HTML that was POSTed to it, when that HTML contains JS event triggers, for example:

<p class="someParagraph" onClick="doTheMagicThing();">

If you have an iframe that accepts text like this in a POST or a forum, and you show that text as well, then Chrome will issue the error (and successfully block the page) unless you have the X-XSS-Protection header disabled.

This error message is triggered when Google Chrome believes a “cross-site scripting” attack is occurring. These attacks occur when a browser is tricked into rendering HTML or JavaScript that is not intended to be a part of the website being shown.

If you administer the website

If you’re viewing this message on a website you administer, and it’s occurring during usual usage, for example submitting a form, you can prevent it by adding a page header to the POST submission.

For PHP

header('X-XSS-Protection:0');

For ASP.net

HttpContext.Response.AddHeader("X-XSS-Protection","0");

 

10 6 4
31,120 points
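
Both answers switch the browser filter off, which leaves the page itself responsible for how it displays POSTed HTML such as the onClick paragraph quoted above. The following is an added example, not code from either answer: it sends the same header together with a Content-Security-Policy and shows two ways to echo the submitted value safely. The function names, the tag allowlist and the CSP value are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the answers. Names, the tag allowlist and
// the CSP value are assumptions chosen for illustration.
const ALLOWED_TAGS = ['p', 'b', 'i', 'em', 'strong', 'br', 'ul', 'ol', 'li'];

// Header from the answers plus a CSP: inline handlers stay blocked without the filter.
function send_headers(): void {
    header('X-XSS-Protection: 0');
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

// Option 1: show the POSTed value as text. Markup is encoded, never rendered.
function show_as_text(string $posted): string {
    return htmlspecialchars($posted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Option 2: render a small subset of HTML. The output is rebuilt from the
// parsed tree, so only allowlisted tags and the class attribute survive.
function rebuild(DOMNode $node): string {
    if ($node instanceof DOMText) {
        return show_as_text($node->data);
    }
    $tag = strtolower($node->nodeName);
    if (!$node instanceof DOMElement || $tag === 'script' || $tag === 'style') {
        return '';   // comments, script and style are dropped with their content
    }
    $inner = '';
    foreach ($node->childNodes as $child) {
        $inner .= rebuild($child);
    }
    if (!in_array($tag, ALLOWED_TAGS, true)) {
        return $inner;   // unknown tag: keep only its (encoded) text
    }
    $class = $node->getAttribute('class');
    $attr = $class === '' ? '' : ' class="' . show_as_text($class) . '"';
    return $tag === 'br' ? '<br>' : "<$tag$attr>$inner</$tag>";
}

function show_as_limited_html(string $posted): string {
    libxml_use_internal_errors(true);   // malformed input must not emit warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8">' . $posted);   // prefix forces UTF-8
    return $doc->documentElement ? rebuild($doc->documentElement) : '';
}

// Constructed sample input: the paragraph quoted in the answer above.
$sample = '<p class="someParagraph" onClick="doTheMagicThing();">Hello</p>';
if (PHP_SAPI === 'cli') {
    echo show_as_text($sample), "\n", show_as_limited_html($sample), "\n";
}
```

In a real page, call send_headers() before any output; for anything beyond a short tag allowlist, a maintained HTML sanitizer library is the safer choice.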
