Disable XSS Auditor in Google Chrome on MacOS X

I am working on an existing client website using a VERY OLD version of Microsoft Sharepoint. In some of the pages, I have to use a webpart to embed some Javascript code. The web admin is the only access I have to the backend — I don’t have access to the server environment to edit anything directly.

My problem is, with the JS code in place, I can’t edit webparts. Google Chrome throws up a XSS Auditor warning, and won’t let me proceed.

I get it. The XSS Auditor prevents cross-server scripting from compromising security. But in my case, I’m working in the backend of a Fortune 500 company’s intranet, and I need the XSS Auditor to get out of my way.

I finally found the code I needed to disable the XSS Auditor in Google Chrome on MacOS X.

  1. Quit Google Chrome if you have it running.
  2. Go to Applications > Utilities > Terminal.app and launch a Terminal window.
  3. Paste in the below code and hit return to launch Chrome with XSS Auditor turned off.

'/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --disable-xss-auditor


Because we launched Chrome using a Terminal command, the Terminal is keeping Chrome running and logging errors for your information. So don’t close your Terminal window or quit Terminal before you’re done working, as that will exit Chrome.

Because launching Chrome using this method makes your browser vulnerable to cross-server exploits, be sure to quit Chrome and Terminal then relaunch Chrome normally before doing other stuff.

Hope this helps someone like me who Googled forever before finally finding the bit I really needed to get stuff done.

Google Chrome on Mac OS: very nice

The Google love affair continues. The Google Chrome browser, in beta, is lightweight and robust. Over the last two days, I’ve made Chrome my default browser. In that time, I’ve had no problems at all. None. By comparison, Firefox feels sluggish in normal browsing, and Safari tends to choke on Google Docs. Even the dreaded Flash hasn’t caused me any problems. To experience this level of stability and performance in a preview / beta is just fantastic.

I think I have a new default browser!

For those that care, I’m running Mac OS X 10.5.8 on a 15″ MacBook Pro 2.4 GHz Intel Core 2 Duo with 2 GB RAM.

Safari 4.0, slick and fast

Apple pushed out an update earlier this week, bringing mostly security enhancements and bug fixes to Mac OS X. Included in the update to Mac OS X 10.5.7 is the final version of Safari 4.0, the Apple developed web browser based on Webkit.

At first glance, there are some minor cosmetic changes to the interface. But starting to surf with Safari 4.0, I immediately appreciated just how fast it has become.

If Apple applies the same level of refinements to the OS as they have with this recent update, then 10.6 Snow Leopard is going to be amazing even without any major new features.

Firefox, Safari and Chrome: Battle of the Betas


Consumers benefit from competition, and as the Browser Wars 2 heat up, Internet users have a lot of choice for web browser. 

As Apple and Google work to nibble at Firefox’s share of the browser space, all three vendors have a beta version available for users to try out.

If you use one of these browsers, you may be tempted to download and install the beta version. Running beta software can be fun, especially if you enjoy being one of the first to try out new features. Maybe there is one special feature you’ve read about that is begin added that you can’t wait to use. Or if your current version is crashing, you may be hopeful that installing the newer version, even if it is a beta, will make your Internet experience more reliable. Or you may be hoping to get faster performance out of the beta, since all three of these browsers are touting faster Javascript performance. 

The downside to installing beta software is that beta means it isn’t finished yet. This usually means the software hasn’t been completely tested, is at least somewhat unstable, and prone to crashing. If the software was ready for prime time, it wouldn’t have the beta designation.

I saw on Twitter this week where someone I was following was having crashing problems after upgrading to the 3.5 beta version of Firefox. My response, “Beta? Betta not, at least not on the computer you rely on to get things done.” And I’ve said this for years.

Maybe I’m getting old and cantankerous, but I’ve gotten to the point where I just want my computer to work and do the things I want it to do. I’ve suffered through enough buggy software and operating systems that I’m willing to wait until the developers iron out the problems and release a stable product. I’ve had enough with problems, I’m not signing on for more.

So if you’re going to install a beta version, have fun with it. But don’t complain about crashing — that is par for the course with beta.

That said, I dare you:

Note: Internet Explorer  8 was just released, so no beta for 9 yet. And I wish I could get excited about Opera, but the bug never caught.

Block Flash in Your Browser

FlashBlock for Firefox in action - this banner ad was blocked until I clicked the logo in the center.

This banner ad was blocked until I clicked the logo in the center.

As a web designer, I have a love/hate relationship with Adobe Flash. Flash can be a great interface for displaying interactive information. But Flash is also a security vulnerability, and Flash is a common format for banner ads.

My main beef with Flash as a user has to do with the banner ads. Flash banners are almost never served off the same server as the website they appear on. Instead, Flash banners are served by ad network servers that can dramatically slow the performance of the page you’re viewing. 

Now, there is a plugin that gives you the power.

If you’re using Firefox, you can install FlashBlock, and on Safari you can install ClicktoFlash. Internet Explorer users can install Toggle Flash. Google Chrome users may have to wait a while for Google to implement plugins, though there are kludges for installing FlashBlock for the technically minded.

In both cases, the web pages you view will not load the Flash elements by default, instead displaying a button you can click to deliberately load the Flash element you want to see. By blocking the default loading of Flash elements, you minimize your security risk through the Flash plugin and should see an increase in page loading times.