Skip to content
PreviewXSSFix Plugin for Movable Type
Latest commit 55070ca Feb 16, 2012 @markcarey Initial release
Failed to load latest commit information.

Preview XSS Fix for Movable Type

This plugin fixes an issue introduced with Google Chrome v17 that causes admin entry previews to display a blank screen.

This seems to happen only when the entry contains img tags with fully qualified src URLs from the same domain as the MT install. For some reason, Chrome now suspects this to be an XSS attack and will not render the iframe with he entry preview.

This plugin adds a response header that tells Chrome to skip its XSS checking for this request. It only adds this for admin Entry Previews.

Something went wrong with that request. Please try again.