Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

PreviewXSSFix Plugin for Movable Type

branch: master
Octocat-spinner-32 plugins Initial release February 16, 2012
Octocat-spinner-32 README.md Initial release February 16, 2012
README.md

Preview XSS Fix for Movable Type

This plugin fixes an issue introduced with Google Chrome v17 that causes admin entry previews to display a blank screen.

This seems to happen only when the entry contains img tags with fully qualified src URLs from the same domain as the MT install. For some reason, Chrome now suspects this to be an XSS attack and will not render the iframe with he entry preview.

This plugin adds a response header that tells Chrome to skip its XSS checking for this request. It only adds this for admin Entry Previews.

Something went wrong with that request. Please try again.