Opened 7 years ago
Last modified 6 years ago
#12926 closed defect
Chrome blocks preview with ERR_BLOCKED_BY_XSS_AUDITOR — at Version 1
Reported by: | Ryan J Ollos | Owned by: | Ryan J Ollos |
---|---|---|---|
Priority: | normal | Milestone: | 1.0.17 |
Component: | general | Version: | |
Severity: | normal | Keywords: | |
Cc: | Branch: | ||
Release Notes: |
Fixed |
||
API Changes: | |||
Internal Changes: |
Description
Issue occurs when using WikiProcessor in text such as:
{{{#!html <form action=""> }}}
The workaround noted by Jun is to add X-XSS-Protection: 0
header when the method is POST (or to add the header to all preview features).
More info in X-XSS-Protection.
Change History (1)
comment:1 by , 6 years ago
Owner: | set to |
---|---|
Release Notes: | modified (diff) |
Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.