March 31, 2017

SharePoint: Workaround for Script Editor and Chrome ERR_BLOCKED_BY_XSS_AUDITOR

Problem

In recent Chrome browser, it has become little annoying to work with SharePoint tool due to Chrome throwing ERR_BLOCKED_BY_XSS_AUDITOR error when working with the Script Editor web part. This is due to XSS auditor on Chrome blocking JavaScript included in the Script Editor Web Part. Issue occurs on SharePoint Online and on-premises SharePoint 2016 and 2013 and occurs regardless if site is accessed via HTTP or HTTPS.

Steps to repro:
  1. On SharePoint publishing page, add Script Editor web part to content area or web part zone
  2. Add the following code to the web part (any JS will do the trick): 

    <script>
    console.log("asd")
    </script>

  3. Click Insert at the bottom of the Script Editor content dialog
    --> Chrome throws you to page saying


    This page isn’t working

    Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
    • Try visiting the site's homepage.
    ERR_BLOCKED_BY_XSS_AUDITOR

Workaround

You can disable the XSS Auditor by appending the following value to web.config on your on-premises SharePoint 2013 or 2016 web site.

  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-XSS-Protection" value="0" />
      </customHeaders>

For SharePoint Online, there is no workaround at the moment.
Posted by at
Labels:

10 comments:

  1. timMarch 31, 2017 at 5:19 PM

    d

    ReplyDelete
  2. AnonymousApril 4, 2017 at 3:33 AM

    OK, I am not using Share point. . . I am attempting to edit the listings in my online store at an auction site.

    How do I correct this problem?

    ReplyDelete
    Replies
    1. Jussi PaloApril 4, 2017 at 7:11 AM

      You would need to contact the auction site host and ask them to add similar header option on their servers.

      Delete
  3. Oscar Ortiz PinzónApril 17, 2017 at 6:19 PM

    excellent my friend, I tried and function perfect!
    SharePoint 2013 server, Standard Edition

    Thank you...

    ReplyDelete
  4. DarrellApril 25, 2017 at 3:12 AM

    This workaround of course does not work with SharePoint Online.

    ReplyDelete
    Replies
    1. bisteMay 3, 2017 at 7:55 PM

      https://www.bmyers.com/public/Bypassing-the-XSS-AUDITOR-error-in-Chrome.cfm

      Delete
    2. UnknownJuly 31, 2017 at 9:41 PM

      This works for SharePoint Online, no server-side modifications needed: http://softlanding.ca/blog/working-past-script-editor-webpart-error-in-sharepoint-on-google-chrome-(2)

      Delete
  5. anandaJuly 22, 2017 at 5:25 PM

    Workaround - Shortcut = "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -disable-xss-auditor . But this solution is not practical..

    ReplyDelete
  6. UnknownJuly 31, 2017 at 9:40 PM

    SharePoint Online workaround here: http://softlanding.ca/blog/working-past-script-editor-webpart-error-in-sharepoint-on-google-chrome-(2)

    ReplyDelete
  7. TedDecember 4, 2017 at 6:26 PM

    That is a whole lot more practical than asking admins to add code to the web.config that will be wiped out by the next SharePoint update. Just sayin :)

    ReplyDelete

Subscribe to: Post Comments (Atom)