From 0f3a5258017ffa60b90a9b13b323afac77801b87 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Wed, 20 Oct 2010 22:27:51 +0200
Subject: [PATCH] Uses own XSS protection
---
 adminer/include/adminer.inc.php | 1 +
 editor/include/adminer.inc.php | 1 +
 2 files changed, 2 insertions(+)
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index ce13b8ca..e314b593 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -37,6 +37,7 @@ class Adminer {
 */
 function headers() {
 header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
+ header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
 }
 
 /** Print login form
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 71209989..501fb935 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -28,6 +28,7 @@ class Adminer {
 
 function headers() {
 header("X-Frame-Options: deny");
+ header("X-XSS-Protection: 0");
 }
 
 function loginForm() {
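Review bot: The trailing comment on the added `header("X-XSS-Protection: 0");` line in adminer/include/adminer.inc.php can be read as saying the header itself removes safe parts of the page, and it does not say what the page relies on once the browser filter is off. I would word it as `// disable the IE8 XSS filter, which can itself introduce XSS by removing safe parts of the page; Adminer's own output escaping is the protection`. The same added line in editor/include/adminer.inc.php (second hunk) carries no comment at all and should get the same one. With the filter disabled, every value echoed into HTML has to be escaped by the application, so this change is worth pairing with a check that no output path skips escaping; none of those paths are visible in this patch. The docblock above headers() starts outside the first hunk.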