Uses own XSS protection

2010-10-20 22:27:51 +02:00 · 2010-10-20 22:27:51 +02:00 · 0f3a525801
parent cb153ac0d1
commit 0f3a525801
2 changed files with 2 additions and 0 deletions
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@ -37,6 +37,7 @@ class Adminer {
 	*/
 	function headers() {
 		header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
+		header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
 	}
 	
 	/** Print login form
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@ -28,6 +28,7 @@ class Adminer {
 	
 	function headers() {
 		header("X-Frame-Options: deny");
+		header("X-XSS-Protection: 0");
 	}
 	
 	function loginForm() {