I'm in the middle of project and could use a little help.
I'm writing a webapp that when a page is visited it gets redirected to another page with a customized header and a GET request!
I can add the html code to the end of the URL and the page accepts it but the chrome XSS Auditor detects the code as malicious and sanitizes it!!!
when I use an interceptor and add the code to the header on the fly it's OK so I should redirect the user to the page while customizing the header without changing the URL!!!
the page is www.mysite.com/login/
I want to add this code to the header: ?b0f4c"><a>d294b6910ec=1
so the header will be: GET /login/?b0f4c"><a>d294b6910ec=1 HTTP/1.1
but I can't change the URL like this: www.mysite.com/login/?b0f4c"><a>d294b6910ec=1
I'm using the FLASK framework and python for my redirector so I could use python libraries and frameworks...