XSS - Prevention works on IE but does not work in Chrome

3

When preventing an XSS attack (alert (123;)) using Html.Encode, the code on screen is as follows:

<select class="combobox" id="xssSelect" name="cmbXss">
<option selected="selected" value="1">&lt;script&gt;alert(123;)&lt;/script&gt;</option>
<option value="2">Opcao2</option>
<option value="3">Opcao3</option>
</select> 

If you run this in IE, the combo works perfectly; however, in Chrome it hangs and I cannot change the options. You can do this test on Stack Overflow itself by running the code snippet in IE and in Chrome.

Note: I'm using Chrome version 43.0.2357.81 m

Note 2: Stack Overflow itself is preventing the XSS attack when I enter the value ... so what follows is the value that I am preventing in my image code

    
asked by anonymous 08.06.2015 / 23:14
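The markup in the question is what context-aware output encoding should produce. The following is an added example, not code from the original post and not the implementation of ASP.NET's Html.Encode: a small JavaScript stand-in that builds the same select from untrusted labels. The names encodeHtml, renderSelect and decodeEntities are hypothetical, and the sample options are constructed from the question's markup.

```javascript
// Added example: a stand-in encoder, not ASP.NET's Html.Encode.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Build the <select>; every dynamic value is encoded at the point of output,
// both in attribute values and in element text.
function renderSelect(id, name, options, selectedValue) {
  const rows = options.map(({ value, label }) => {
    const selected = String(value) === String(selectedValue) ? ' selected="selected"' : '';
    return `<option${selected} value="${encodeHtml(value)}">${encodeHtml(label)}</option>`;
  });
  return `<select class="combobox" id="${encodeHtml(id)}" name="${encodeHtml(name)}">\n` +
    rows.join('\n') + '\n</select>';
}

// Single-pass reverse of encodeHtml: the text a browser displays for the label.
function decodeEntities(text) {
  const reverse = Object.fromEntries(Object.entries(ENTITIES).map(([k, v]) => [v, k]));
  return text.replace(/&(?:amp|lt|gt|quot|#39);/g, (e) => reverse[e]);
}

// Constructed sample input: the first label is the untrusted value from the question.
const sampleOptions = [
  { value: 1, label: '<script>alert(123;)</script>' },
  { value: 2, label: 'Opcao2' },
  { value: 3, label: 'Opcao3' },
];
const html = renderSelect('xssSelect', 'cmbXss', sampleOptions, 1);
console.log(html);
```

The encoded label is displayed as literal text and never parsed as a script element, so the markup itself is correct in both browsers.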

1 answer

2

This is a bug in the current version of Chrome.

When you run the same code in version 42, the error does not occur.

I've reported the problem to Google. If anyone would like to follow it, here is the link: link

    
08.06.2015 / 23:56