This is a short writeup about a technique I found for using the WebKit XSS Auditor to your advantage.
As every security researcher knows, the “XSS Auditor” basically killed reflected XSS attacks on every WebKit-based browser. By reading the requested URL and comparing it to the document output, the “XSS Auditor” can identify potentially malicious code and block it. This sounds great, right? Well, kind of.
In the example above I force the browser to block “filters.js”. You can also block inline scripts using the same method: just include the code in some parameter of your request and the XSS Auditor will take care of the rest.
As I said, this is only useful in some cases, but you can pretty much break any site with this. ;-)
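
One way a site could spot requests that echo its own scripts back in a parameter, which is the pattern described above (an added example, not part of the original writeup; `findEchoedScripts`, `PAGE_SCRIPTS` and the sample URLs are hypothetical and constructed):

```javascript
// Added example: server-side check for requests whose parameters contain
// scripts the page itself serves. All names and data here are hypothetical.

// Scripts the page legitimately uses (constructed sample data).
const PAGE_SCRIPTS = {
  external: ["/js/filters.js"],
  inline: ["initFilters({ sort: 1 });"],
};

// Lowercase and drop whitespace so case or spacing changes do not hide a match.
function normalize(s) {
  return s.toLowerCase().replace(/\s+/g, "");
}

// Return one finding per parameter whose value contains one of the page's scripts.
function findEchoedScripts(requestUrl, scripts = PAGE_SCRIPTS) {
  const findings = [];
  const url = new URL(requestUrl);
  // searchParams yields percent-decoded values.
  for (const [param, raw] of url.searchParams) {
    const value = normalize(raw);
    for (const src of scripts.external) {
      // A bare path is harmless; it only matters inside a <script> tag.
      if (value.includes("<script") && value.includes(normalize(src))) {
        findings.push({ param, kind: "external", script: src });
      }
    }
    for (const body of scripts.inline) {
      if (value.includes(normalize(body))) {
        findings.push({ param, kind: "inline", script: body });
      }
    }
  }
  return findings;
}

// Constructed sample requests: benign, echoed script tag, echoed inline code.
const samples = [
  "https://shop.example/search?q=shoes",
  "https://shop.example/search?q=shoes&x=%3Cscript%20src%3D%22/js/filters.js%22%3E%3C/script%3E",
  "https://shop.example/search?q=shoes&y=initFilters(%7B%20sort%3A%201%20%7D)%3B",
];
for (const s of samples) {
  console.log(s, "->", JSON.stringify(findEchoedScripts(s)));
}
```

Requests flagged this way can be logged or rejected before the response is rendered.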