Skip to content


Subversion checkout URL

You can clone with
Download ZIP
PreviewXSSFix Plugin for Movable Type
Fetching latest commit...
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
plugins/PreviewXSSFix Initial release Initial release

Preview XSS Fix for Movable Type

This plugin fixes an issue introduced with Google Chrome v17 that causes admin entry previews to display a blank screen.

This seems to happen only when the entry contains img tags with fully qualified src URLs from the same domain as the MT install. For some reason, Chrome now suspects this to be an XSS attack and will not render the iframe with he entry preview.

This plugin adds a response header that tells Chrome to skip its XSS checking for this request. It only adds this for admin Entry Previews.

Something went wrong with that request. Please try again.