Tonight, in r23805, I enabled a reflective cross-site scripting (XSS) filter for Chromium. The goal of this filter is to automatically protect web sites from certain kinds of XSS vulnerabilities. The filter might have some false positives (and block legitimate web site behavior). If you see a web site acting incorrectly and you suspect the XSS filter, you can look at the JavaScript console and see if it says something about blocking an unsafe script from executing. You can also try visiting the web site again with the --disable-xss-auditor command line flag. The filter has been on by default in the WebKit nightly builds for about a month, so hopefully we've flushed out most of the false positives already.
The filter looks like it might cost some page cycler performance as currently implemented, so we might have to disable it again to sort out those issues. Please let me know if you have any questions. Adam --~--~---------~--~----~------------~-------~--~----~ Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev -~----------~----~----~----~------~----~------~--~---