Enable XSS Auditor in Google Chrome To Prevent Cross Domain Scripting (XSS) and Click Jacking
We discussed cross-site scripting (XSS), also known as cross server scripting, in the post How To Prevent Cross Site Scripting (XSS) and Click Jacking. There we covered how to prevent XSS in major browsers, including Internet Explorer 8 and Mozilla Firefox.
As we discussed in an earlier post about Google Chrome Flags (chrome about labs), the Google Chrome labs page provides a tool that can be used to prevent Cross Site Scripting (XSS) and Click Jacking.
The Google Chrome lab tool “XSS Auditor” enables WebKit’s XSS Auditor (cross-site scripting protection). This feature aims to protect browser users from certain attacks by malicious websites. As noted on the “about:flags” page, the tool “improves your security, but it might not be compatible with all websites”. The tool can be enabled from the about:flags internal page or from “chrome://flags/”.
How to enable the XSS Auditor Chrome lab tool to prevent cross domain scripting (XSS)?
Follow the steps below to enable the XSS Auditor Chrome lab tool. Remember that all of these are experimental features. Read the warning message displayed on the about:flags internal page before proceeding, otherwise you may experience undesired results.
- Open the Chrome browser.
- Type about:flags in the URL address bar and press Enter.
- The “about:flags” internal page appears with a “radioactive” icon indicating the experimental nature of these features.
- Find “XSS Auditor” and click Enable.
- This option enables WebKit’s XSS Auditor, which offers cross-site scripting protection and protects you from certain attacks by malicious websites.
As discussed earlier, another way to access the flags (Chrome labs tools) is by using “chrome://flags/”. Type “chrome://flags/” in the URL address bar and press Enter.