Tonight, in r23805, I enabled a reflective cross-site scripting (XSS)
filter for Chromium.  The goal of this filter is to automatically
protect web sites from certain kinds of XSS vulnerabilities.  The
filter might have some false positives (and block legitimate web site
behavior).  If you see a web site acting incorrectly and you suspect
the XSS filter, you can look at the JavaScript console and see if it
says something about blocking an unsafe script from executing.  You
can also try visiting the web site again with the
--disable-xss-auditor command line flag.  The filter has been on by
default in the WebKit nightly builds for about a month, so hopefully
we've flushed out most of the false positives already.

The filter looks like it might cost some page cycler performance as
currently implemented, so we might have to disable it again to sort
out those issues.  Please let me know if you have any questions.

Adam

--~--~---------~--~----~------------~-------~--~----~
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
-~----------~----~----~----~------~----~------~--~---
