Merge pull request #1387 from micgro42/chromeXSSFalsePositive

[WiP] Deactivate XSS-Protection during preview

Merge pull request #1387 from micgro42/chromeXSSFalsePositive
f00452ac · Andreas Gohr · 9b82d43f · 844aec66 · f00452ac
Commit f00452ac authored 9 years ago by Andreas Gohr
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -29,6 +29,8 @@ function act_dispatch(){

    // give plugins an opportunity to process the action
    $evt = new Doku_Event('ACTION_ACT_PREPROCESS',$ACT);
+
+    $headers = array();
    if ($evt->advise_before()) {

        //sanitize $ACT
@@ -144,8 +146,10 @@ function act_dispatch(){
            $ACT = act_draftdel($ACT);

        //draft saving on preview
-        if($ACT == 'preview')
+        if($ACT == 'preview') {
+            $headers[] = "X-XSS-Protection: 0";
            $ACT = act_draftsave($ACT);
+        }

        //edit
        if(in_array($ACT, array('edit', 'preview', 'recover'))) {
@@ -189,7 +193,6 @@ function act_dispatch(){
    global $license;

    //call template FIXME: all needed vars available?
-    $headers = array();
    $headers[] = 'Content-Type: text/html; charset=utf-8';
    trigger_event('ACTION_HEADERS_SEND',$headers,'act_sendheaders');