XSS - Prevention works on IE but does not work in Chrome

Question

XSS - Prevention works on IE but does not work in Chrome

Navigation

#1 by (2 votes)

3

By preventing an XSS attack (alert (123;)) using the Html.Encode the code on screen is as follows:

<select class="combobox" id="xssSelect" name="cmbXss">
<option selected="selected" value="1">&lt;script&gt;alert(123;)&lt;/script&gt;</option>
<option value="2">Opcao2</option>
<option value="3">Opcao3</option>
</select>

If you run in IE this combo works perfectly, however in Chrome it hangs and I can not change the options. Give to do this test by the stackoverflow itself executing the code snippet between IE and Chrome.

Note: I'm using Chrome version Version 43.0.2357.81 m

Note2: The stackoverflow itself is preventing XSS attack when I enter the value ... then it follows the value that I am preventing in my image code

html google-chrome xss

asked by anonymous 08.06.2015 / 23:14

1 answer

Datepicker Asp.Net SQL Count ROWS

score 2 · Answer 1

Bug for the current version of Chrome.

When you run the same code in version 42, the error does not occur.

I've reported the problem to Google. If anyone would like to follow, follow the link: link