Resolved/Answered XSS Auditor Error

Nilum

Nilum

The Wanderer Returned
Benefactor
@Tiko Has been made aware of this error specifically in Chrome.

Detail: When attempting to edit this post in Google Chrome, selecting the "more options" button to lead to the main edit page causes the XSS Auditor to stop the connection, as it is reading strange code that it is interpreting as potentially malicious.

EDIT #1: Error Replicated. (8:39 AM, 2017-12-08)
cYfLQNb.jpg


EDIT #2: Bold, Font, Center, Size all eliminated.

EDIT #3: Spoiler eliminated.

EDIT #4: URL to Google not the problem. I need a cookie. :(

EDIT #5: Removed URL code to another forum post. Error ceased. Attempting to isolate by adding it back in.

EDIT #6: Success! Replicated the specific error!

Google Chrome XSS AUDITOR error occurs under the following circumstances.
  • Using the URL code to link to another thread on Storytellers Circle.
  • Clicking the "more options" button when editing a post that contains a URL link to another part of STC.
As for why, I have no clue. It's so idiotically specific as to be baffling.
 
Last edited:
Nilum said:
This piece of URL code is the culprit. I don't know why.
Click to expand...

Bit puzzled, will mess around more. To eliminate the simplest possibility: Was the URL code in as http vs https when it was causing the issue? That's the most likely problem. Another possibility is Chrome erring more on the side of caution when mixed content is detected on an https connection, which is something I'm aware of and plan to tackle in near future so everything is properly encrypted across the board.
 
Dashmiel said:
Bit puzzled, will mess around more. To eliminate the simplest possibility: Was the URL code in as http vs https when it was causing the issue? That's the most likely problem. Another possibility is Chrome erring more on the side of caution when mixed content is detected on an https connection, which is something I'm aware of and plan to tackle in near future so everything is properly encrypted across the board.
Click to expand...
Attempting to replicate...

Noted difference: HTTPS causes XSS AUDITOR error. HTTP to same link does not cause XSS AUDITOR error.

I think this is resolved then if you plan on properly encrypting things across the board.
 
Nilum said:
Attempting to replicate...

Noted difference: HTTPS causes XSS AUDITOR error. HTTP to same link does not cause XSS AUDITOR error.

I think this is resolved then if you plan on properly encrypting things across the board.
Click to expand...

Yes, it's definitely in the cards. It's just a massive headache that requires some trial and error to determine the best way to deal with images which are the biggest culprit we got with the mixed content warnings. So something I'll tackle soon.
 
Dashmiel said:
Yes, it's definitely in the cards. It's just a massive headache that requires some trial and error to determine the best way to deal with images which are the biggest culprit we got with the mixed content warnings. So something I'll tackle soon.
Click to expand...
stamped-PS-right-1000.png
 
You must log in or register to reply here.
Back
Top