Chrome displays an Error page when saving Announcement Banner with a Script

XMLWordPrintable

    • Type: Bug
    • Resolution: Unresolved
    • Priority: Low
    • None
    • Affects Version/s: 7.2.15, 7.6.11, 7.8.0
    • Component/s: Administration - Others
    • 7.02
    • 6
    • Severity 3 - Minor
    • 1

      Problem

      Chrome 57+ has new functionality XSS_AUDITOR: detects unusual code on this page and blockes it to protect your personal information (for example, passwords, phone numbers, and credit cards).

      Steps to reproduce

      1. Access JIRA using Chrome browser
      2. Go to Announcement Banner
      3. Enter a script e.g.: 
        <script>
 function() {
   var testVar = "/rest/api/2.0/issue";

   function testScript ($field, testParam) {
     if (!testParam || testParam.length === 0) {
       testFunc($field);
     }
   }
 }
</script>
      4. Click Set Banner

      Expected behavior

      Chrome displays no error

      Actual behavior

      Chrome displays an error page warning that the used script might contain unusual code: ERR_BLOCKED_BY_XSS_AUDITOR

      Notes

      1. Despite the error page:
        • The script is saved successfully and works as intended
        • Other JIRA pages can be accessed normally and going back to Announcement Banner page shows no problem
      2. Firefox doesn't display an error page

      See related pages regarding to Chrome:

        1. script.jpg
          200 kB
          Andy Nguyen

            Assignee:
            Unassigned
            Reporter:
            Andy Nguyen (Inactive)
            Votes:
            12 Vote for this issue
            Watchers:
            14 Start watching this issue

              Created:
              Updated: