Results 1 to 15 of 15

Thread: Chrome blocks certain links?

  1. #1

    Chrome blocks certain links?

    http://forums.nrvnqsr.com/showthread...ral-discussion

    Now try tapping "Preview Post"...
    This page doesn't work.

    Chrome has found unusual Code on this page and therefore blocked it to protect your personal data, e.g. passwords, phone number or credit card information.


    ERR_BLOCKED_BY_XSS_AUDITOR

  2. #2
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Can't reproduce. You can't think of anything else that could be causing this?
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  3. #3
    Master Fiddler John D. Pliskin's Avatar
    Join Date
    Jun 2014
    Location
    St. Louis
    Age
    27
    Gender
    Male
    Posts
    1,434
    JP Friend Code
    266,041,773 / Justice
    US Friend Code
    423,581,663
    Blog Entries
    5
    Hey, this same thing has been happening to me when trying to update my signature tonight. (Sorry, I guess I should've checked the sub-forum more for a thread like this.)

    Quote Originally Posted by John D. Pliskin View Post
    So I was just trying to update my signature, and this keeps happening whenever I try to save anything...



    Never had this XSS Auditor error happen on me before here. I assume there are workarounds to this, but I already tried one method (of adding some code to the program address) and I don't think it worked...

    (Moreover, I don't think I should have to do that. :P)
    (old FGO USA accounts still being listed here for some reason)
    Spoiler:
    1st Ever Account: feat. Waver & Herc)
    (Currently waiting to be Recovered from Space)
    User ID: 096,380,356

    Strategic Account: Waver, Carmilla, Atalante, Kaleidoscope

    User ID: 744,854,542


    (Helpful Explanation on How a Mongrel beat a King in UBW.)

    Quote Originally Posted by Broke View Post

  4. #4
    Switch on the Holy Night Quibi's Avatar
    Join Date
    Mar 2012
    Age
    27
    Gender
    Male
    Posts
    1,089
    Blog Entries
    1
    This is a really annoying issue. I have steps to reproduce:
    1. Add a link to somewhere inside this site (user profile, a certain comment, etc...) in a quick reply.
    2. Click go advanced.
    3. You get "ERR_BLOCKED_BY_XSS_AUDITOR" error by chrome.


    If you try to first "go advanced" and then paste the username, you get the same error when trying to submit the post or even preview it (I suppose clicking "go advanced" is the same as "preview post").
    Anyway, would really appreciate fixing this as I have to switch to another browser whenever I want to edit my threads...

  5. #5
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Attempted all variants: just doing the link and going advanced, typing and then pasting the link and going advanced, going advanced and then pasting a link and trying to preview or post. Still unable to reproduce in any case.

    E: Hold. I can reproduce if I go advanced, copy and paste the link and add text, preview (it works) and then preview again. That throws the error. IDK.
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  6. #6
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    http://forums.nrvnqsr.com/member.php/1746-Quibi

    sdfsdfs

    So, yes, it will still post properly without the error on the first go.
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  7. #7
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Solution that seems to work: when you're in Advanced (or, I suppose, Quick Reply, if you're somehow managing to throw errors by going from there, which I still can't), then switch the editor to source mode using the very top-left button. Chrome then processes it properly.

    This seems to be connected directly to the issue, because coming out of source mode immediately gets it to start throwing the error again. The browser doesn't like something about converting the raw links to hyperlink markup?
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  8. #8
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  9. #9
    Switch on the Holy Night Quibi's Avatar
    Join Date
    Mar 2012
    Age
    27
    Gender
    Male
    Posts
    1,089
    Blog Entries
    1
    Since it only happens to me when I try linking inside the forum's domain, and not when using external links, I suspect chrome is thinking the site is trying to inject code to itself, which it doesn't...

    Googling the problem, it also seems to only take effect since chrome v54.
    I found a solution that seemed to work for some is adding the following header which disables this protection (requires editing the source code):
    Code:
    header('X-XSS-Protection:0');
    Source: https://stackoverflow.com/questions/...uditor-details
    More info about this header: https://developer.mozilla.org/en-US/...XSS-Protection

    Can't say how "safe" it is to disable it, but it seems to be more of a "backwards compatible" protection that isn't really needed for newer websites.

    My specs:
    Windows 10
    Chrome Version 63.0.3239.108 (Official Build) (64-bit)

  10. #10
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    I'm not sure we're a newer website, though.
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  11. #11
    Switch on the Holy Night Quibi's Avatar
    Join Date
    Mar 2012
    Age
    27
    Gender
    Male
    Posts
    1,089
    Blog Entries
    1
    Digging around some more, I may have found a better solution. First let's document it properly (TL;DR in the end):
    Looking for this problem specifically in vbulletin led me to this:
    https://www.vbulletin.com/forum/foru...-after-upgrade
    which said it's a Chrome "bug". Chrome, on the other hand, says it's a "won't fix":
    https://bugs.chromium.org/p/chromium...tail?id=703093
    I'm not entirely sure who's a fault here - chrome detecting a false positive, or the editor needs to improve its code security. Some guy here phrased it better (and eventually found a way to improve his code security):
    https://bugs.chromium.org/p/chromium...?id=702542#c24


    TL;DR:
    I found the exact same problem we're having documented here:
    http://forum.turboduck.net/threads/3..._auditor-error
    They suggested this solution: https://xenforo.com/community/thread...2#post-1146809
    Which is to add the following line to config.php:
    Code:
    header('X-XSS-Protection: 1');
    Which doesn't turn the protection off, but does revert it to its previous version that doesn't emit this error.

    Also I'd like to point out I'm consistently getting this error, unlike Seika. Using "Source Mode" does indeed allow me to preview links, so it's likely the WYSIWYG part that's the problem.

  12. #12
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Quote Originally Posted by Quibi View Post
    add to config.php
    Ahaha, welp, we'd need Dark Pulse to exist for that.
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

  13. #13
    Switch on the Holy Night Quibi's Avatar
    Join Date
    Mar 2012
    Age
    27
    Gender
    Male
    Posts
    1,089
    Blog Entries
    1
    Is it a permissions issue or a technical one? 'Cause it's just editing a config file and (maybe) restarting the server...
    And anyway, I suppose he exists since every now and then the forum does go down and I assume someone's there to get it back up...

  14. #14
    The No Sleep King mAc Chaos's Avatar
    Join Date
    Apr 2012
    Location
    Phyrexylvania
    Gender
    Male
    Posts
    18,292
    JP Friend Code
    Throw xN
    Blog Entries
    5
    That's handled by me/Seika and Dovacs.

    I'll see if he can be roused from his slumber.
    He never sleeps. He never dies.

    Battle doesn't need a purpose; the battle is its own purpose. You don't ask why a plague spreads or a field burns. Don't ask why I fight.

  15. #15
    Κυρία Ἐλέησον Seika's Avatar
    Join Date
    Jun 2011
    Location
    Perilous Hall
    Age
    25
    Posts
    12,658
    Blog Entries
    44
    Quote Originally Posted by Quibi View Post
    Is it a permissions issue or a technical one? 'Cause it's just editing a config file and (maybe) restarting the server...
    And anyway, I suppose he exists since every now and then the forum does go down and I assume someone's there to get it back up...
    Admin is a purely forum thing. We've never been given actual server access. I'm pretty sure even the original trio never had it, even while Dark Pulse wasn't an admin and was only handling the technical side.
    Beast's Lair: Useful Notes
    (Lightweight | PDF)
    Updated 01/01/15

    If posts are off-topic, trolling, terrible or offensive, please allow me to do my job. Reporting keeps your forum healthy.
    Seika moderates: modly clarifications, explanations, Q&A, and the British conspiracy to de-codify BL's constitution.

    Democracy on Beast's Lair

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •