We have discussed about cross-site scripting also known as cross server scripting or XSS in the post How To Prevent Cross Site Scripting (XSS) and Click Jacking. There we have discussed about how to prevent XSS in major browsers including Internet Explorer 8 and Mozilla Firefox.
Since Click Jacking is one of the most common threats you may face during web browsing , it is better to consider some automatic protection against such threats. Let us see how you can prevent malicious JavaScript from running on sites you visit, if you are using Google Chrome Browser.
As we discussed in one of our earlier post about Google Chrome Flags (chrome about labs) the Google chrome labs provides a tool that can be used to prevent Cross Site Scripting (XSS) and Click Jacking.
Google Chrome Lab tool “XSS Auditor” will Enables WebKit’s XSS Auditor (cross-site scripting protection). This feature aims to protect the browser users from certain attacks of malicious websites. As mentioned at “about:flags” the tool “improves your security, but it might not be compatible with all websites“. We can enable this tool using the about:flags internal page or using “chrome://flags/“.
How to enable XSS Auditor Chrome lab tool To Prevent cross domain scripting (XSS) ?
Follow the below steps to enable the XSS Auditor Chrome lab tool. Remember all these are experimental feature. Read the warning message displayed in the about:flags internal page before proceeding , otherwise you may experience undesired results.
- Open Chrome browser.
- Type about:flags in the URL address bar and hit enter
- “about:flags” internal page appears with “radio active” icon indicating the experimental nature.
- Find “XSS Auditor” and click enable.
- This plugin enables WebKit’s XSS Auditor that offers cross-site scripting protection and protect you from certain attacks of malicious websites.
As we discussed earlier there is another way to access the flags or Chrome labs tools is by using “chrome://flags/“. Type “chrome://flags/” in the URL address bar and hit enter.
Before you go, subscribe to get latest technology articles right in your mailbox!.