News and Announcements

User Guidelines for newbies along with news about Authorize.Net and the Developer Community.

All Star
Posts: 1,072
Registered: ‎08-17-2009

XSS and IE8 - a common problem and its solution

[ Edited ]

When IE8 was released, they added a new XSS (Cross-Site Scripting) filter which is turned on for all users by default. The purpose of the filter is to detect and mitigate a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when a website, generally malicious, adds JScript to otherwise legitimate requests to another website. You can read more about it at

To prevent triggering the filter, you should avoid putting script into any of the form fields that you submit to avoid this issue with IE8. This includes <script> tags or <script> tags plus other ways of injecting script on to the page. This also includes the <link rel="stylesheet" type="text/css" href="https://server/our.css"> tag, as Microsoft considers it to be a potential XSS attack.

Basically you can't put <script> tags or <link to stylesheet> tags or <style> tags in your code at all, or you'll receive the error.


Hope this helps.





Developer Community Manager