Refused to execute a JavaScript script. Source code of script found within request

javascript code-injection

Solution 1:

This "feature" can be disabled by sending the non-standard HTTP header X-XSS-Protection on the affected page.

X-XSS-Protection: 0

Solution 2:

It's a security measure to prevent XSS (cross-site scripting) attacks.

This happens when some JavaScript code is sent to the server via an HTTP POST request, and the same code comes back via the HTTP response. If Chrome detects this situation, the script is refused to run, and you get the error message Refused to execute a JavaScript script. Source code of script found within request.

Also see this blogpost about Security in Depth: New Security Features.

Related

How to do virtual file processing?
Get IFrame's document, from JavaScript in main document
What are the downsides to turning off ProxyCreationEnabled for CTP5 of EF code first
Output Django queryset as JSON
How to check if a windows form is already open, and close it if it is?
why f is placed after float values?
How do I restart a WPF application? [duplicate]
Get the position of the largest value in a multi-dimensional NumPy array
Getting Class type from String
Remove quotes from String in Python
Do I need to wrap quotes around font family names in CSS?
When should I use ?? (nullish coalescing) vs || (logical OR)?