From: Alexander Ebert <ebert@woltlab.com>
Date: Sun, 18 Jun 2017 10:05:35 +0000 (+0200)
Subject: Work-around for a false-positive by Chrome's XSS auditor
X-Git-Tag: 3.0.6~12^2~7
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a4a7af397514f0a422d986e6fa0784957693ff42;p=GitHub%2FWoltLab%2FWCF.git

Work-around for a false-positive by Chrome's XSS auditor
---

diff --git a/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php b/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php
index 3427a44668..b8f17a399c 100644
--- a/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/TemplateAddForm.class.php
@@ -236,4 +236,15 @@ class TemplateAddForm extends AbstractForm {
 			'copy' => $this->copy
 		]);
 	}
+	
+	/**
+	 * @inheritDoc
+	 */
+	public function show() {
+		parent::show();
+		
+		// work-around for a known Chrome bug that causes the XSS auditor
+		// to incorrectly detect JavaScript inside a textarea
+		@header('X-XSS-Protection: 0');
+	}
 }