Google Chrome – How to bypass ERR_BLOCKED_BY_XSS_AUDITOR

Problem

When trying to submit a form which contains HTML or JavaScript – you recieve an error message which reads

This page isn't working
Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
ERR_BLOCKED_BY_XSS_AUDITOR

Solution

This error message is triggered when  Google  Chrome believes a “cross-site scripting” attack is happening. These attacks happen when a browser is tricked into rendering HTML or JavaScript that is not meant to be a part of the website being displayed.

If you administer the website

If you’re seeing this message on a website you administer, and it’s happening during normal usage, for example submitting a form, you can suppress it by adding a page header to the POST submission.

For PHP

header('X-XSS-Protection:0');

For ASP.net

HttpContext.Response.AddHeader("X-XSS-Protection","0");

If you don’t administer the website

Make contact with your website administrator – it’s something that should be aware of and fix.

In the meanwhile you could use another browser, e.g. Firefox.

Or you can launch Chrome with the xss auditor disabled.

This is done by creating a shortcut with the following path:

For 64-bit Chrome: 

"C:\Program Files\Google\Chrome\Application\chrome.exe" -disable-xss-auditor

For 32-bit Chrome:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -disable-xss-auditor

Was this article helpful?

Related Articles