Remove the XSS Auditor from Chrome.

Motivation

The XSS Auditor can introduce cross-site information leaks and mechanisms to bypass the Auditor are widely known.

Documentation

• https://www.chromium.org/developers/design-documents/xss-auditor
• https://groups.google.com/a/chromium.org/forum/?utm_medium=email&utm_source=footer#!msg/blink-dev/TuYw-EZhO9g/TCpThW81EAAJ

Specification

No public standards discussion

Status in Chromium

Blink components: Blink>SecurityFeature

Removed (tracking bug) in:

• Chrome for desktop release 78
• Chrome for Android release 78

Consensus & Standardization

• Firefox: No signal
• Edge: Shipped/Shipping
• Safari: No signal
• Web Developers: Positive

Owner

• tsepez@chromium.org

Intent to Prototype url

Search tags

Last updated on 2021-03-12