Work-around for a false-positive by Chrome's XSS auditor

author Alexander Ebert <ebert@woltlab.com>

Sun, 18 Jun 2017 10:05:35 +0000 (12:05 +0200)

committer Alexander Ebert <ebert@woltlab.com>

Sun, 18 Jun 2017 10:05:41 +0000 (12:05 +0200)
author Alexander Ebert <ebert@woltlab.com>
Sun, 18 Jun 2017 10:05:35 +0000 (12:05 +0200)
committer Alexander Ebert <ebert@woltlab.com>
Sun, 18 Jun 2017 10:05:41 +0000 (12:05 +0200)
diff --git a/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php b/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php

index 3427a44668aca5b762ab541b3c2e2a1767bf398e..b8f17a399cd2380fa62eb74563f641f6905c4ef9 100644 (file)
--- a/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php
@@ -236,4 +236,15 @@ class TemplateAddForm extends AbstractForm {
                         'copy' => $this->copy
                 ]);
         }
+       
+       /**
+        * @inheritDoc
+        */
+       public function show() {
+               parent::show();
+               
+               // work-around for a known Chrome bug that causes the XSS auditor
+               // to incorrectly detect JavaScript inside a textarea
+               @header('X-XSS-Protection: 0');
+       }
  }
author	Alexander Ebert <ebert@woltlab.com>
	Sun, 18 Jun 2017 10:05:35 +0000 (12:05 +0200)
committer	Alexander Ebert <ebert@woltlab.com>
	Sun, 18 Jun 2017 10:05:41 +0000 (12:05 +0200)