Issue metadata
Sign in to add a comment
|
XSS Auditor prevents me from nothing but working in forum
Reported by
watj...@gmail.com,
May 2 2017
|
||||||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Example URL: http://forum.miramagia.com/editpost.php?do=updatepost&postid=15841 Steps to reproduce the problem: Unfortunately this is an unpredictable problem within the forum linked above. So I have no clue what brings this stupid XSS Auditor into action and what not. What is the expected behavior? The site loads the advanced editing in WYISWYG mode. What went wrong? If I had an idea I would tell you. As I mentioned above it doesn't happen all the time within the forum. Most Threads I can work on (if needed) but some are simply blocked when editing in WYISWYG mode. Does it occur on multiple sites: Yes Is it a problem with a plugin? No Did this work before? Yes no idea because I don't get notified when Chrome updates Does this work in other browsers? Yes Chrome version: 58.0.3029.81 Channel: n/a OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 25.0 r0 I suggest to work on a fix for vBulletin Boards or remove this stupid absurdity that doesn't prevent me from anything but my work. I don't even use any of the useless and/or insecure plugins (simply because none of you guys checks if they are are a potential threat to my device) I'd also like to add that Chrome is one of the worst web browsers I know - unfortunately it's the only one that atm runs the Flash based browser game Miramagia on my pc satisfyingly smooth which is btw. where I work.
,
May 5 2017
,
May 8 2017
Well, first pic shows what I actually expect to see, second what I get and third how I overrun that stupid auditor to be able to work. It's just anything but comfortable to work in that mode - I never seem to remember how bb-code works, which is why I prefer the WYSIWYG mode.
,
May 8 2017
Thank you for providing more feedback. Adding requester "hdodda@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 9 2017
Tested this issue on Windows 7 using chrome stable#58.0.3029.96 and #60.0.3089.0 dev and observed same behavior as mentioned in Comment #1. As per the Component,requesting respective team to look into this issue for further debugging.
,
May 11 2017
watja79@ - Could you please provide sample test credentials to login into the site. Editing or writing a new post require a valid login. Thanks...!!
,
May 12 2017
,
May 15 2017
I am very sorry, but I can't provide my own login details and also none for a test user. That would have to be made by our developers. I am not the forum administrator. If it wasn't for Miramagia I'd never used this awful browser that changes settings itself and ignores commands like 'keep local data only until you quit your browser' :( I didn't have to clear them manually in years using firefox/waterfox but Chrome is not able to do it... you better remove that option to tick if it doesn't work as well as this stupid auditor... Why does it actually think another link from the same forum I'm working with/in could try to steal my personal informations (which I for security reasons never entered in Chrome - they keywords here: hidden forms that will be auto filled by Chrome without my knowledge!)?
,
May 15 2017
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
May 31 2017
Could anyone from Blink>SecurityFeature>XSSAuditor team please have a look into this issue. Thanks...!!
,
Oct 5 2017
,
Oct 5 2017
|
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by hdodda@chromium.org
, May 4 2017Labels: Needs-Feedback
490 KB
490 KB View Download