As a security engineer, I often had to test our sites for Cross Site Scripting vulnerabilities. Specially after a dynamic scanner "found" an XSS. The problem is that most modern browsers provide some baseline protection to the user. So simple
<script>alert(1)</script> type of testing doesn't always work.
A simple test like:
will result in something like
The truth is, the page is vulnerable against XSS, and even Chrome can be fooled and their XSS auditor can be bypassed. But when trying to secure a site, I really don't want to spend my time working around my tool.
joubin /Users/joubin/Desktop → killall "Google Chrome" joubin /Users/joubin/Desktop → open -na Google\ Chrome --args --disable-web-security --user-data-dir="/tmp/chrome_dev"
So, taking a pointer off the great work Eloston did with Ungoogled Chromium, I have created a fork where I disable
Security. So far I only have tested the Mac Version, but I don't see any reason other builds would break.
You can find the code on my Github and follow the ungoogled_chromium build instructions!