3

Create file index.html with this code:

<html> 
<body>
<form action="index.html" method="post">
<textarea name="content">
</textarea><br>
<input type="submit" value="submit">
</form>
</body>
</html>

Open this file in Google Chrome. Enter in textarea this text

action="index.html"

and press submit button. Open Developer Tools (press Ctrl+Shift+I) and see this 

<html> 
<body>
<form action="about:blank" method="post">
<textarea name="content">
</textarea><br>
<input type="submit" value="submit">
</form>
</body>
</html>

Why action="index.html" replaced by action="about:blank"?

Problem exists only in Google Chrome, current version 28.0.1500.72 m.

4

1 回答 1

7

问题是来自 chrome 的 XSS 过滤器。它改变action了它认为是注射的形式,因为about:blank(除其他外)

尝试发送X-XSS-Protection: 0标头以禁用它。

所以,它不是一个错误,它是一个功能。

在此处阅读更多信息:https ://code.google.com/p/chromium/issues/detail?id=83503

于 2013-07-23T16:16:54.297 回答