Reply
Highlighted
All Star
Posts: 1,072
Registered: ‎08-17-2009

XSS and IE8 - a common problem and its solution

[ Edited ]

When IE8 was released, they added a new XSS (Cross-Site Scripting) filter which is turned on for all users by default. The purpose of the filter is to detect and mitigate a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when a website, generally malicious, adds JScript to otherwise legitimate requests to another website. You can read more about it at http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx.

To prevent triggering the filter, you should avoid putting script into any of the form fields that you submit to avoid this issue with IE8. This includes <script> tags or <script> tags plus other ways of injecting script on to the page. This also includes the <link rel="stylesheet" type="text/css" href="https://server/our.css"> tag, as Microsoft considers it to be a potential XSS attack.

Basically you can't put <script> tags or <link to stylesheet> tags or <style> tags in your code at all, or you'll receive the error.

 

Hope this helps.

 

Thanks,

 

Michelle

Developer Community Manager