Chrome: ERR_BLOCKED_BY_XSS_AUDITOR details

The simple way for bypass this error in developing is send header to browser

Put the header before send data to browser.

In php you can send this header for bypass this error ,send header reference:

header('X-XSS-Protection:0');

In the ASP.net you can send this header and send header reference:

HttpContext.Response.AddHeader("X-XSS-Protection","0");or HttpContext.Current.Response.AddHeader("X-XSS-Protection","0"); 

In the nodejs send header, send header reference :

res.writeHead(200, {'X-XSS-Protection':0 });// or express jsres.set('X-XSS-Protection', 0);

Chrome v58 might or might not fix your issue... It really depends to what you're actually POSTing. For example, if you're trying to POST some raw HTML/XML data whithin an input/select/textarea element, your request might still be blocked from the auditor.

In the past few days I hit this issue in two different scenarios: a WYSIWYG client-side editor and an interactive upload form featuring some kind of content preview. I managed to fix them both by base64-encoding the raw HTML before POSTing it, then decoding it on the receiving PHP page. This will most likely fix the issue and, most importantly, increase the developer's awareness level regarding the data coming from POST requests, hopefully pushing him into adopting effective data encoding/decoding strategies and strengthen their web application from XSS-type attacks.

To base64-encode your content on the client side you can either use the native btoa() function, which is supported by most browsers nowadays, or a third-party alternative such as a jQuery plugin (I ended up using this, which worked ok).

To base64-decode the POST data you can then use PHP's base64_decode(str) function, ASP.NET's Convert.FromBase64String(str) or anything else (depending on your server-side scenario).

For further info, check out this blog post that I wrote on the topic.

In this case, being a first-time contributor at the Creative forums, (some kind of vBulletin construct) and reduced to posting a PM to the moderators before forum access it is easy for one to encapsulate the nature of the issue from the more popular answers above.The command was

http://forums.creative.com/private.php?do=insertpm&pmid=

And as described above the actual data was "raw HTML/XML data within an input/select/textarea element".

The general requirement for handling such a bug (or feature) at the user end is some kind of quick fixit tweak or twiddle. This post discusses the option of clearing cache, resetting Chrome settings, creating a new_user or retrying the operation with a new beta release.It was also suggested that one launches a new instance with the following:

google-chrome-stable --disable-xss-auditor

The launch actually worked in this W10 1703 Chrome 061 edition after this modified version:

chrome --disable-xss-auditor

However, on logging back in to the site and attempting the post again, the same error was generated. Perhaps the syntax wants refining or something else is awry.

It then seemed reasonable to launched Edge and repost from there, which turned out to be no problem at all.