March 31, 2017

SharePoint: Workaround for Script Editor and Chrome ERR_BLOCKED_BY_XSS_AUDITOR

Problem

In recent Chrome browser, it has become little annoying to work with SharePoint tool due to Chrome throwing ERR_BLOCKED_BY_XSS_AUDITOR error when working with the Script Editor web part. This is due to XSS auditor on Chrome blocking JavaScript included in the Script Editor Web Part. Issue occurs on SharePoint Online and on-premises SharePoint 2016 and 2013 and occurs regardless if site is accessed via HTTP or HTTPS.

Steps to repro:
  1. On SharePoint publishing page, add Script Editor web part to content area or web part zone
  2. Add the following code to the web part (any JS will do the trick): 

    <script>
    console.log("asd")
    </script>

  3. Click Insert at the bottom of the Script Editor content dialog
    --> Chrome throws you to page saying


    This page isn’t working

    Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
    • Try visiting the site's homepage.
    ERR_BLOCKED_BY_XSS_AUDITOR

Workaround

You can disable the XSS Auditor by appending the following value to web.config on your on-premises SharePoint 2013 or 2016 web site.

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-XSS-Protection" value="0" />
      </customHeaders>

For SharePoint Online, there is no workaround at the moment.

7 comments:

  1. OK, I am not using Share point. . . I am attempting to edit the listings in my online store at an auction site.

    How do I correct this problem?

    ReplyDelete
    Replies
    1. You would need to contact the auction site host and ask them to add similar header option on their servers.

      Delete
  2. excellent my friend, I tried and function perfect!
    SharePoint 2013 server, Standard Edition

    Thank you...

    ReplyDelete
  3. This workaround of course does not work with SharePoint Online.

    ReplyDelete
    Replies
    1. https://www.bmyers.com/public/Bypassing-the-XSS-AUDITOR-error-in-Chrome.cfm

      Delete
  4. Workaround - Shortcut = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -disable-xss-auditor . But this solution is not practical..

    ReplyDelete