• Register
0 votes
61 views

Problem :

My working PHP page with an iframe inside suddenly stopped started giving following error
chrome detected unusual code on this page and blocked it to protect your personal information
6.9k points

2 Answers

0 votes

Solution :

I had faced the same issue recently.
After doing lot of research i found the solution on this issue.

I found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block'

So the fastest solution according to me is to disable X-XSS-Protection by sending just a value of 0 from the server.

Followig is example of how to do it from PHP

header("X-XSS-Protection: 0");

Further Readings:

36.1k points
0 votes

Solution:

After searching  web found that Chrome changed its default implementation of X-XSS-Protection to 'X-XSS-Protection: 1; mode=block' (reference)

So the latest solution (and concerning the least change in code) is to disable X-XSS-Protection by sending a value of 0 from the server.

Here is the process how to do it from PHP

header("X-XSS-Protection: 0");

This is occured by a webpage displaying HTML that was POST'd to it, at the time that HTML contains JS event triggers, for example :

<p class="someParagraph" onClick="doTheMagicThing();">

In case you have an iframe, that accepts text like this in a POST or a forum, and you show that text, as well, thereafter Chrome will issue the error (and successfully block the page), if not you have the X-XSS-Protection header disabled.

This error message is triggered at the time Google  Chrome conceives a “cross-site scripting” attack is occuring. These attacks occur at the time a browser is tricked into rendering HTML or JavaScript that is not intended to be a part of the website being shown.

In case you administer the website

In case you’re viewing this message on a website you administer, and it’s occuring at the time usual usage, for example submitting a form, you can inhibit it by including a page header to the POST submission.

For PHP

header('X-XSS-Protection:0');

For ASP.net

HttpContext.Response.AddHeader("X-XSS-Protection","0");

 

17.7k points
edited by

Related questions

1 vote
1 answer 22 views
22 views
Problem: I have written a very simple application. Please find below the code for my simple application which is calling the API in each second. After each of the call a chrome memory allocation size for that particular tab increases continuously. But not by the reducing that memory. ... xhttp.send();     } </script> </body> </html> Kindly help me in finding out the root cause of this issue.
asked May 27 Martin K 6.6k points
0 votes
1 answer 8 views
0 votes
1 answer 49 views
49 views
Problem: Can any one guide me ? "This commercial database offers news and information on legal, public records, and business issues are? A) CSi B) Proquest Dialog C) Dow Jones Factiva D) Lexisnexis"
asked Feb 21 maddi86 5.4k points
2 votes
1 answer 23 views
23 views
Problem : I have some issues with chrome browser because of my eyes issues I can&rsquo;t see the bright colors .My browser tab bar has a light tan and white color theme. My eyes are really very sensitive to light bright colors. so I want to customize the color of my ... them because I I am unable to see them. I may go blind from this bright colored browser tab. How can I fix the chrome issue?
asked May 6 stewart 4k points