← Back to release summary

XSS Auditor

Category

Security

Type

Feature removal

Status

Removed (Chrome 78)

Intent stage

Removed

Summary

Remove the XSS Auditor from Chrome.

Motivation

The XSS Auditor can introduce cross-site information leaks and mechanisms to bypass the Auditor are widely known.

Standards & signals

• Specification: https://www.chromium.org/developers/design-documents/xss-auditor
• Firefox: Shipped/Shipping — Never had a XSS Filter
• Safari: Shipped/Shipping — Removed XSS Auditor in Fall 2021
• Web developers: Positive — Web developers have complaints about the functionality of the XSS Auditor causing site-breaking "false positives."
• Tracking bug: https://crbug.com/968591

Docs: https://www.chromium.org/developers/design-documents/xss-auditor https://groups.google.com/a/chromium.org/g/blink-dev/c/TuYw-EZhO9g/m/blGViehIAwAJ

View on chromestatus.com