Uses own XSS protection

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index ce13b8ca61e6e5f2b5cc37d71d870ae4fc5169ab..e314b5936d47210d1f5e7e29aaf5ad027fbdcbe1 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -37,6 +37,7 @@ class Adminer {
        */
        function headers() {
                header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
+               header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
        }
        
        /** Print login form

diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 71209989fb179815a738c13840291c8e468193ac..501fb935db97fbb57018db55db9b1c75c95f22a0 100644 (file)
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -28,6 +28,7 @@ class Adminer {
        
        function headers() {
                header("X-Frame-Options: deny");
+               header("X-XSS-Protection: 0");
        }
        
        function loginForm() {