Work-around for a false-positive by Chrome's XSS auditor

author Joshua Rüsweg <josh@bastelstu.be>

Fri, 7 Dec 2018 09:57:54 +0000 (10:57 +0100)

committer Joshua Rüsweg <josh@bastelstu.be>

Fri, 7 Dec 2018 09:58:06 +0000 (10:58 +0100)
author Joshua Rüsweg <josh@bastelstu.be>
Fri, 7 Dec 2018 09:57:54 +0000 (10:57 +0100)
committer Joshua Rüsweg <josh@bastelstu.be>
Fri, 7 Dec 2018 09:58:06 +0000 (10:58 +0100)
diff --git a/wcfsetup/install/files/lib/acp/form/AdAddForm.class.php b/wcfsetup/install/files/lib/acp/form/AdAddForm.class.php

index 74f8a684ef5f5d38199265ff936a09d5a7e3983c..c68ac981e024cee873ed41fa4ffcb2f2c71525ed 100644 (file)
--- a/wcfsetup/install/files/lib/acp/form/AdAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/AdAddForm.class.php
@@ -241,4 +241,16 @@ class AdAddForm extends AbstractForm {
                         }
                 }
         }
+       
+       
+       /**
+        * @inheritDoc
+        */
+       public function show() {
+               // work-around for a known Chrome bug that causes the XSS auditor
+               // to incorrectly detect JavaScript inside a textarea
+               @header('X-XSS-Protection: 0');
+               
+               parent::show();
+       }
  }
author	Joshua Rüsweg <josh@bastelstu.be>
	Fri, 7 Dec 2018 09:57:54 +0000 (10:57 +0100)
committer	Joshua Rüsweg <josh@bastelstu.be>
	Fri, 7 Dec 2018 09:58:06 +0000 (10:58 +0100)