Preventing XSS errors in Google Chrome: ERR_BLOCKED_BY_XSS_AUDITOR


Posted on Sep 18, 2018 by Nathanael | Tags: Website security, XSS, Google Chrome, Base64, WYSIWYG editor, PHP, Web form

With Google ever increasing the performance and security of its flagship browser Google Chrome, it can sometimes cause web pages to behave somewhat unexpectedly. Recently, while building a kick-ass CRM system for ourselves, one that will give us greater control and oversight of our business and clients, we came across this error:

ERR_BLOCKED_BY_XSS_AUDITOR

This handy error message tells you nothing about what's going on! After some helpful Googling we came across this answer on Stack Overflow. LIGHTBULB! We're doing some testing on an email tracking system which uses the ever-reliable Redactor WYSIWYG editor (MODX plugin by Modmore). When we submit our form, the textarea attached to Redactor contains raw HTML tags. And all good devs know that posting raw tags to a server requires some very delicate handling on the backend! But now we have an additional blocker: Google Chrome is automatically blocking this request and giving us the dreaded ERR_BLOCKED_BY_XSS_AUDITOR error.

How to fix

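The fix is very simple: base64-encode the value of the textarea and submit that to the server. Once on the other side, you can call base64_decode($input) to decode your input and run your validations etc. Encoding only changes how the markup travels; the decoded value is still raw, untrusted HTML, so the delicate backend handling mentioned above is still required.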

Helpful resources

The easiest way to convert your textarea value to base64 is to use this little jQuery plugin by TaoK.

<script src="/path/to/base64.jquery.js"></script>
<script>
// Replace the textarea's raw HTML with its base64 form, then submit the form
$('#submitButton').on('touchstart click', function (e) {
    e.preventDefault();
    // $.base64Encode() calls TaoK's plugin
    var encoded = $.base64Encode($('#textarea').val());
    $('#textarea').val(encoded);
    $('form').submit();
});
</script>
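
The server-side half of the fix, as an added example that is not part of the original post: the value is decoded strictly and then passed through an allowlist filter, because what comes out of base64_decode() is still untrusted HTML. The function names, the tag allowlist and the sample input are assumptions made for illustration.

```php
<?php
// Added example (not the original post's code). Assumed: the allowlist below, ext-dom, ext-mbstring.
const ALLOWED_TAGS = ['p', 'br', 'b', 'i', 'strong', 'em', 'ul', 'ol', 'li', 'a'];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', '#comment'];

function decodeEditorField(string $input): ?string
{
    // Strict mode returns false on any character outside the base64 alphabet.
    $html = base64_decode($input, true);
    return ($html === false || !mb_check_encoding($html, 'UTF-8')) ? null : $html;
}

function sanitizeHtml(string $html): string
{
    libxml_use_internal_errors(true); // tolerate sloppy editor markup without warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    $body = $doc->getElementsByTagName('body')->item(0);
    if (!$body) { return ''; }
    $nodes = (new DOMXPath($doc))->query('//body//* | //body//comment()');
    foreach (iterator_to_array($nodes) as $el) {
        $tag = strtolower($el->nodeName);
        $drop = in_array($tag, DROP_WITH_CONTENT, true);
        if ($drop || !in_array($tag, ALLOWED_TAGS, true)) {
            // Disallowed wrapper (div, span, ...): keep its children unless it is a drop tag.
            while (!$drop && $el->firstChild) {
                $el->parentNode->insertBefore($el->firstChild, $el);
            }
            $el->parentNode->removeChild($el);
            continue;
        }
        foreach (iterator_to_array($el->attributes) as $attr) {
            // Only <a href> with an http(s) or mailto URL survives; on*, style, src are removed.
            $ok = $tag === 'a' && $attr->name === 'href'
                && preg_match('#^(https?://|mailto:)#i', $attr->value) === 1;
            if (!$ok) {
                $el->removeAttributeNode($attr);
            }
        }
    }
    return implode('', array_map(fn($n) => $doc->saveHTML($n), iterator_to_array($body->childNodes)));
}

// Constructed sample: what the form would post after the client-side encoding step.
$posted = base64_encode('<p onclick="x()">Hi <a href="javascript:alert(1)">there</a><script>alert(1)</script></p>');
$html = decodeEditorField($posted);
echo $html === null ? 'rejected' : sanitizeHtml($html), PHP_EOL;
```

The same filtering applies whenever the stored HTML is rendered back into a page; a maintained library such as HTML Purifier can take the place of sanitizeHtml().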

Problem solved.

If you've come across a similar issue with ERR_BLOCKED_BY_XSS_AUDITOR, then drop us a comment and let us know how you fixed it.
