• Register
0 votes
145 views

Problem :

My working PHP page with an iframe inside suddenly stopped started giving following error
chrome detected unusual code on this page and blocked it to protect your personal information
6.9k points

Please log in or register to answer this question.

2 Answers

0 votes

Solution :

I had faced the same issue recently.
After doing lot of research i found the solution on this issue.

I found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block'

So the fastest solution according to me is to disable X-XSS-Protection by sending just a value of 0 from the server.

Followig is example of how to do it from PHP

header("X-XSS-Protection: 0");

Further Readings:

38.6k points
0 votes

Solution:

After searching  web found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block' (reference)

So the latest solution (and concerning the least change in code) is to disable X-XSS-Protection by sending a value of 0 from the server.

Here is the process how to do it from PHP

header("X-XSS-Protection: 0");

This is occured by a webpage displaying HTML that was POST'd to it, at the time that HTML contains JS event triggers, for example :

<p class="someParagraph" onClick="doTheMagicThing();">

In case you have an iframe, that accepts text like this in a POST or a forum, and you show that text, as well, thereafter Chrome will issue the error (and successfully block the page), if not you have the X-XSS-Protection header disabled.

This error message is triggered at the time Google  Chrome conceives a “cross-site scripting” attack is occuring. These attacks occur at the time a browser is tricked into rendering HTML or JavaScript that is not intended to be a part of the website being shown.

In case you administer the website

In case you’re viewing this message on a website you administer, and it’s occuring at the time usual usage, for example submitting a form, you can inhibit it by including a page header to the POST submission.

For PHP

header('X-XSS-Protection:0');

For ASP.net

HttpContext.Response.AddHeader("X-XSS-Protection","0");

 

31.7k points
edited by

Related questions

0 votes
1 answer 11 views
11 views
Problem: I had a perfectly working PHP page with an iframe inside. Suddenly it stoped working in Chrome with this error: Chrome detected unusual code on this page and blocked it to protect your personal information... Any idea how to solve it?
asked Apr 24 Humaira ahmed 50.7k points
0 votes
1 answer 15 views
15 views
Problem: What is wrong here? >Noscript detected a potential cross-site scripting attack
asked May 10 Chi Omega 168k points
0 votes
1 answer 19 views
19 views
Problem: Please help me to solve it
asked Mar 18 Ifra 43.4k points
0 votes
1 answer 6 views
6 views
Problem: Where can I find a solution for this : May harm your browsing experience so chrome has blocked it?
asked Jun 23 Chi Omega 168k points
0 votes
1 answer 3 views
3 views
Problem: This file is dangerous so chrome blocked it.
asked Jul 10 Rada Gracelynn 104k points
0 votes
1 answer 16 views
16 views
Problem: Need an answer for this : This file is dangerous so chrome has blocked it
asked May 25 Chi Omega 168k points
0 votes
1 answer 29 views
29 views
Problem: Having a hard time with this, help please : This file is dangerous so chrome has blocked it fix.
asked May 20 Aurelia Maja 78.4k points
0 votes
1 answer 7 views
7 views
Problem: What are my options for dealing with this issue &ldquo;Which interface is executed faster and is safe from sql injection attacks&rdquo;?
asked Mar 30 tuhin1 48.9k points
0 votes
1 answer 4 views
4 views
Problem: Error parsing header x-xss-protection: 1; mode=block;
asked Jun 26 nila 121k points
0 votes
1 answer 10 views
10 views
Problem: Need an answer for this >How to fix cross site scripting vulnerability in java
asked May 16 Chi Omega 168k points