I'm developing a tool for XSS checking, using the Webkit WebView and Macruby. This works great, except that occasionally Safari's XSS filter catches my URLs and refuses to execute evil scripts. Is there a way to disable this functionality, preferably programatically?

So after some digging I found the solution. There's an undocumented, private method called 'setXSSAuditorEnabled' on WebPreferences. So in my case, I did view.preferences.XSSAuditorEnabled = false to make it work.

I have modified the web.config file:

<system.webServer>
    <httpProtocol>
        <customHeaders>
            <clear />
            <add name="X-XSS-Protection" value="0" />
        </customHeaders>
    </httpProtocol>
</system.webServer>

I don't know how to implement the above solution, I so did this and it works.