Saturday, December 15, 2012

Refused to execute a JavaScript script. Source code of script found within request.

Work around is sending the non-standard HTTP header X-XSS-Protection on the effected page.

X-XSS-Protection: 0

No comments: