This repository has been archived by the owner on Apr 23, 2022. It is now read-only.
On line 308 you check that headersXXP[0][0].group(1) is equal to 1 and then check if the same thing is not equal to "block", rather than checking the actual mode value against "block". So effectively, as long as the X-XSS header is set to 1, the "mode" is not actually checked, and an issue will appear stating that the X-XSS protection header is active but not running in block mode.
The fix is to change the second headersXXP[0][0].group(1) to headersXXP[0][0].group(2), so the entire line should read:
elif len(headersXXP) == 1 and int(headersXXP[0][0].group(1)) == 1 and headersXXP[0][0].group(2) != "block":
It's a great extension otherwise! Use it all the time, hence how I found this bug.
Edited to correct a few errors in my explanation.
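To make the reported defect concrete, here is an added example (not code from the extension or from the reporter) that parses an X-XSS-Protection header value with a regex and runs both the reported check and the corrected one over constructed sample values. The regex, the function names and the sample header values are assumptions; the extension's own pattern is not shown in the issue. The only thing it mirrors from the report is the shape of the comparison: group(1) is the on/off digit, group(2) is the optional mode.

```python
import re

# Assumed regex (the extension's own pattern is not in the issue):
# group(1) = the 0/1 switch, group(2) = the optional mode value.
XXP_RE = re.compile(r"^\s*([01])\s*(?:;\s*mode\s*=\s*([A-Za-z]+))?", re.IGNORECASE)


def parse_xxp(value):
    """Return (enabled, mode) for a header value, or None if it does not parse."""
    m = XXP_RE.match(value)
    if not m:
        return None
    return int(m.group(1)), (m.group(2) or "").lower()


def flag_not_block_buggy(value):
    """The check as reported: compares group(1) (the digit) against "block".

    Since "1" is never equal to "block", every enabled header is flagged,
    including those that do run in block mode.
    """
    m = XXP_RE.match(value)
    return m is not None and int(m.group(1)) == 1 and m.group(1) != "block"


def flag_not_block_fixed(value):
    """The corrected check: compares the captured mode, group(2), against "block"."""
    m = XXP_RE.match(value)
    mode = (m.group(2) or "").lower() if m else ""
    return m is not None and int(m.group(1)) == 1 and mode != "block"


def findings(values, check):
    """Run a check over several header values and return only those it flags."""
    return [v for v in values if check(v)]


# Constructed sample header values, not captured from any real host.
SAMPLE_VALUES = [
    "1; mode=block",   # enabled, block mode: should NOT be flagged
    "1",               # enabled, no mode: should be flagged
    "0",               # disabled: the "not block mode" finding does not apply
    "1; mode=BLOCK",   # case differs, still block mode: should NOT be flagged
]

if __name__ == "__main__":
    print("buggy check flags:", findings(SAMPLE_VALUES, flag_not_block_buggy))
    print("fixed check flags:", findings(SAMPLE_VALUES, flag_not_block_fixed))
```

Run stand-alone, the buggy check flags all three enabled values, while the fixed check flags only the bare "1". The difference is exactly the false positive described in the issue: a header that already requests block mode is reported as not running in block mode.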