Chrome 版本 17:拒绝执行 JavaScript 脚本。在请求中找到脚本的源代码
我们开始使用
Refused to execute a JavaScript script. Source code of script found within request.
Chrome 17 版本。 16 版运行良好。它似乎抱怨的是我们做了一个帖子,如果我理解正确的话,回复与我们已经得到的回复是一样的。或者有没有办法准确验证它所抱怨的内容?
拒绝执行 JavaScript 脚本。在请求中找到的脚本的源代码
有没有办法解决这个问题,或者有人在使用新版本的 Chrome 17 时遇到过类似的问题吗?我们不会在我们的网站上进行任何交叉发布,因此这看起来像是 Chrome 中的一个错误,但无论如何它都需要解决。
We started to get
Refused to execute a JavaScript script. Source code of script found within request.
with version 17 of Chrome. Version 16 was working fine. What it seems to complain about is that we do a POST and the reply is the same what we already have if I understand it correctly. Or is there a way to verify exactly what it complains about?
Refused to execute a JavaScript script. Source code of script found within request
Is there a way to get around this or have anyone had simular problems with the new version 17 of Chrome? We dont do any cross posting on our site, so it kind of looks like a bug from Chrome, but anyhow it needs to be solved.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
https://stackoverflow.com/a/1547887/99220 似乎适用。该功能尝试检测客户端的 XSS 攻击,并拒绝执行看起来只是反映 POST 中填充内容的代码。
XSS 过滤器肯定有可能存在缺陷,并将您的案例检测为误报。您的网站上也可能存在 Chrome 警告您的实际 XSS 漏洞。可以发个链接让其他人看看吗?如果是错误,我会帮助您在 http://new.crbug.com/ 如果这不是错误,那么我们可以评估您如何修复您的网站。
https://stackoverflow.com/a/1547887/99220 seems applicable. The feature is attempting to detect an XSS attack client-side, and refusing to execute code that looks like it's simply reflecting whatever was stuffed into a POST.
It's certainly possible that the XSS filters are buggy, and detecting your case as a false-positive. It's also possible that you have an actual XSS hole on your site that Chrome is warning you about. Can you post a link so others can take a look? If it is a bug, I'll help you file a ticket at http://new.crbug.com/ If it's not a bug, then we can evaluate how you can fix your site.