Disable Webkit Browser XSS Protection
Mod Version: 1.00, by Internet Brands
| vB Version: 4.x.x | Rating:  (4 votes - 4.75 average) |
Installs: 21 |
| Released: 30 Dec 2011 | Last Update: Never | Downloads: 77 |
 Not Supported
 Uses Plugins
Translations
|
||
The Chrome Xss prevention feature can trigger false positives on some vBulletin boards.
This occurs when people make posts that contain references to JS files that vbulletin uses.
Chrome detects that the content of the post contains the same scripts that the resulting page intends to run and disallows the load (this occurs even if the post escapes the scripts properly so they cannot be interpreted as code).
Chrome are aware of the problem, but do not intend to provide a fix. The only workaround is to disable the Xss prevention feature in Chrome, which can be done via a HTTP header.
Since the actual occurrence of this problem appears to be quite limited, this is considered to be too drastic of an action for general use.
We have therefore decided to make this small product available that causes vBulletin to emit the header (for admins who are affected).
Simply download an install as you would for any product.
While released for the 4.x series, this should also work on vB 3.6, 3.7 & 3.8.
For reference see ;
http://tracker.vbulletin.com/browse/VBIV-13539
http://tracker.vbulletin.com/browse/VBIV-13499
This occurs when people make posts that contain references to JS files that vbulletin uses.
Chrome detects that the content of the post contains the same scripts that the resulting page intends to run and disallows the load (this occurs even if the post escapes the scripts properly so they cannot be interpreted as code).
Chrome are aware of the problem, but do not intend to provide a fix. The only workaround is to disable the Xss prevention feature in Chrome, which can be done via a HTTP header.
Since the actual occurrence of this problem appears to be quite limited, this is considered to be too drastic of an action for general use.
We have therefore decided to make this small product available that causes vBulletin to emit the header (for admins who are affected).
Simply download an install as you would for any product.
While released for the 4.x series, this should also work on vB 3.6, 3.7 & 3.8.
For reference see ;
http://tracker.vbulletin.com/browse/VBIV-13539
http://tracker.vbulletin.com/browse/VBIV-13499
Download
product-vbwebkitxss.xml (1.1 KB, 82 downloads)