2012-02-23, 02:16:20
Ok well I cannot for the life of me find where the admin pages send httpd headers at.
So unless I find that, and how to patch it in, ill have to come up with an apache rule to send the header.
You can also start up chrome with this switch, but its disables it for everything.
So your shortcut target would look something like this.
I also confirmed that this is new with 3.1, if you remove the querystrings from the javascript urls, its avoids this bug. So that has something to do with these false positives.
So unless I find that, and how to patch it in, ill have to come up with an apache rule to send the header.
You can also start up chrome with this switch, but its disables it for everything.
Code:
--disable-xss-auditor
Code:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-xss-auditor
I also confirmed that this is new with 3.1, if you remove the querystrings from the javascript urls, its avoids this bug. So that has something to do with these false positives.