IE8: Cross-site Scripting (XSS) Filter
Published by exdone
Posted on November 23, 2010
error: “Internet Explorer modified this page to prevent a potential cross-site scripting attack”
huh, Really!!!
Background :
Cross-site Scripting (XSS) Filter: This new Internet Explorer 8 feature makes “reflected (Type I) XSS” vulnerabilities harder to exploit. Script can be reflected when a portion of the HTTP request is used to generate the server’s response, allowing malicious script in the request to run with the same level of access as the rest of the page. The XSS Filter monitors all requests and responses flowing through the browser. When the filter detects script in a cross-site request, it identifies and disables the script if it is replayed in the server’s response. When this happens, a “Internet Explorer modified this page to prevent a potential cross-site scripting attack” message is displayed. Web developers who wish to disable the filter for their content can set the following HTTP header.
X-XSS-Protection: 0
- An error has occurred, which probably means the feed is down. Try again later.