Bypassing Chrome’s Anti-XSS Filter,绕过谷歌浏览器 XSS 过滤器。

Hi! Just wanted to share my finding. I’ve found a way to bypass Chrome’s anti-xss filter. This bypass is universal, and it defeats Chrome’s XSSAuditor in all cases!


XSS attacks occur when one website injects JavaScript code into otherwise legitimate requests to another website. The injected script generally attempts to access privileged information. The XSS Filter detects JavaScript in URL and HTTP POST requests. If JavaScript is detected, the XSS Filter searches evidence of reflection. If reflection is detected, the XSS Filter sanitizes the original request so that the additional JavaScript cannot be executed. However, the XSS filter can by bypassed with leading regexp inside svg script tag.


Title: Google Chrome Anti-XSS Filter Bypass
Affected Products: Google Chrome 43.0.2357.124 m (letest stable version)
Discovery Date: 16-06-15
Author: Yosi Ovadia (
Payload: <svg><script>/<1/>alert(document.domain)</script></svg>



The issue was reported to chromium security team, and was fixed within 5 hours. The team marked it as a significant bypass.