I am working on an existing client website using a VERY OLD version of Microsoft Sharepoint. In some of the pages, I have to use a webpart to embed some Javascript code. The web admin is the only access I have to the backend — I don’t have access to the server environment to edit anything directly.

My problem is, with the JS code in place, I can’t edit webparts. Google Chrome throws up a XSS Auditor warning, and won’t let me proceed.

I get it. The XSS Auditor prevents cross-server scripting from compromising security. But in my case, I’m working in the backend of a Fortune 500 company’s intranet, and I need the XSS Auditor to get out of my way.

I finally found the code I needed to disable the XSS Auditor in Google Chrome on MacOS X.

  1. Quit Google Chrome if you have it running.
  2. Go to Applications > Utilities > Terminal.app and launch a Terminal window.
  3. Paste in the below code and hit return to launch Chrome with XSS Auditor turned off.

'/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --disable-xss-auditor

IMPORTANT:

Because we launched Chrome using a Terminal command, the Terminal is keeping Chrome running and logging errors for your information. So don’t close your Terminal window or quit Terminal before you’re done working, as that will exit Chrome.

Because launching Chrome using this method makes your browser vulnerable to cross-server exploits, be sure to quit Chrome and Terminal then relaunch Chrome normally before doing other stuff.

Hope this helps someone like me who Googled forever before finally finding the bit I really needed to get stuff done.