From: Jakub Vrana Date: Wed, 20 Oct 2010 20:27:51 +0000 (+0200) Subject: Uses own XSS protection X-Git-Tag: v3.1.0~59 X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=0f3a5258017ffa60b90a9b13b323afac77801b87;p=adminer.git Uses own XSS protection
---
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index ce13b8ca..e314b593 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -37,6 +37,7 @@ class Adminer {
 */
 function headers() {
 header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
+ header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
 }
 /** Print login form
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 71209989..501fb935 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -28,6 +28,7 @@ class Adminer {
 function headers() {
 header("X-Frame-Options: deny");
+ header("X-XSS-Protection: 0");
 }
 function loginForm() {
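Review bot: The new comment on `header("X-XSS-Protection: 0");` in adminer/include/adminer.inc.php says why the IE8 filter is switched off but not what the page relies on instead. With the filter disabled, reflected-XSS protection rests entirely on the application's own output escaping, which the commit subject ("Uses own XSS protection") implies but the hunk does not show, so a missed escape is no longer masked by the browser. I would extend the comment to `// disable IE8 XSS filter, it can introduce XSS by removing safe parts of the page; all output must be escaped by the application`. The docblock above headers() starts outside the hunk, so whether it already documents these headers cannot be checked here.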
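Review bot: The copy of this line in editor/include/adminer.inc.php carries no comment, unlike the one in adminer/include/adminer.inc.php, so a reader of the editor file sees a security header set to `0` with no reason given and may revert it as a weakening. Repeat the explanation here: `header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page`. The two headers() bodies are now identical and have to be kept in sync by hand; whether one class could share the method with the other cannot be judged from this hunk.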