Web browser bookmarklets allow you to perform actions on the current page with just a click or tap. They’re a lightweight alternative to browser extensions. They even work on mobile browsers that don’t support traditional extensions.
To use bookmarklets, all you need is a web browser that supports bookmarks — that’s it!
Bookmarklets in WordPress post
header("X-XSS-Protection: 0"); to wp-blog-header.php in the root folder. This is insecure as it switches off the XSS protection on your WordPress site but it does allow the bookmarklet code to be rendered when the page loads.
Add the hyperlink in Text mode and avoid using Visual Mode.
The problem only arises when you click the
Preview button in WordPress, and only on that initial page load. Apparently WordPress sends along some of the HTML in the request headers, and that triggers the XSS functionality in the browser. If you load the preview, and then you refresh the page, the XSS issue goes away, and the