| |
| |||||||
| Internet Explorer Discuss IE7 or any other IE version. |
 |
| | LinkBack | Thread Tools |
07-30-2009, 05:00 PM
| |||
| |||
| XSS Filter False Positive I am receiving IE8's new "Internet Explorer has modified this page to help prevent cross-site scripting" message in my web app. In addition, the only response IE8 shows is "#", instead of putting "#"s in the offending tags. We are doing a post to an external domain, and cannot use the X-XSS-Protection tag. My post does contain html in the parameters that is reflected back in the response; however, it doesn't contain any <script> tags or javascript. I've been playing around with the submission, and it seems like the problem has something to do with nested or too many tables in the html, and maybe something to do with style tags as well. Anyone have any insight into why I'm triggering the filter?      |
|
07-30-2009, 05:00 PM
| ||
| |
|
07-30-2009, 05:50 PM
| |||
| |||
| Re: XSS Filter False Positive IE Developer Center http://msdn.microsoft.com/en-us/ie/default.aspx Learn IE8 http://msdn.microsoft.com/en-us/ie/aa740473.aspx MSDN IE Development Forums http://social.msdn.microsoft.com/for...iedevelopment/ Josh Isaac wrote: > I am receiving IE8's new "Internet Explorer has modified this page to help > prevent cross-site scripting" message in my web app. In addition, the > only > response IE8 shows is "#", instead of putting "#"s in the offending tags. > > We are doing a post to an external domain, and cannot use the > X-XSS-Protection tag. > > My post does contain html in the parameters that is reflected back in the > response; however, it doesn't contain any <script> tags or javascript. > > I've been playing around with the submission, and it seems like the > problem > has something to do with nested or too many tables in the html, and maybe > something to do with style tags as well. > > Anyone have any insight into why I'm triggering the filter? |
|
10-28-2009, 12:10 PM
| |||
| |||
| Re: XSS Filter False Positive I am seeing the message in the info bar. I clicked for more info and went through all of the suggested steps to no avail. Is there any way to turn it off or stop IE8 from modifying web pages? Please post responses in consumer english. "PA Bear [MS MVP]" wrote: > IE Developer Center > http://msdn.microsoft.com/en-us/ie/default.aspx > > Learn IE8 > http://msdn.microsoft.com/en-us/ie/aa740473.aspx > > MSDN IE Development Forums > http://social.msdn.microsoft.com/for...iedevelopment/ > > > Josh Isaac wrote: > > I am receiving IE8's new "Internet Explorer has modified this page to help > > prevent cross-site scripting" message in my web app. In addition, the > > only > > response IE8 shows is "#", instead of putting "#"s in the offending tags. > > > > We are doing a post to an external domain, and cannot use the > > X-XSS-Protection tag. > > > > My post does contain html in the parameters that is reflected back in the > > response; however, it doesn't contain any <script> tags or javascript. > > > > I've been playing around with the submission, and it seems like the > > problem > > has something to do with nested or too many tables in the html, and maybe > > something to do with style tags as well. > > > > Anyone have any insight into why I'm triggering the filter? > > |
|
10-28-2009, 07:30 PM
| |||
| |||
| Re: XSS Filter False Positive Google Adsence or AddThis script injections.. "Mike" <Mike@discussions.microsoft.com> wrote in message news:55B76A7B-B091-4BFE-83F0-B8AA5D5DE6A8@microsoft.com... > I am seeing the message in the info bar. I clicked for more info and went > through all of the suggested steps to no avail. Is there any way to turn > it > off or stop IE8 from modifying web pages? Please post responses in > consumer > english. > > "PA Bear [MS MVP]" wrote: > >> IE Developer Center >> http://msdn.microsoft.com/en-us/ie/default.aspx >> >> Learn IE8 >> http://msdn.microsoft.com/en-us/ie/aa740473.aspx >> >> MSDN IE Development Forums >> http://social.msdn.microsoft.com/for...iedevelopment/ >> >> >> Josh Isaac wrote: >> > I am receiving IE8's new "Internet Explorer has modified this page to >> > help >> > prevent cross-site scripting" message in my web app. In addition, the >> > only >> > response IE8 shows is "#", instead of putting "#"s in the offending >> > tags. >> > >> > We are doing a post to an external domain, and cannot use the >> > X-XSS-Protection tag. >> > >> > My post does contain html in the parameters that is reflected back in >> > the >> > response; however, it doesn't contain any <script> tags or javascript. >> > >> > I've been playing around with the submission, and it seems like the >> > problem >> > has something to do with nested or too many tables in the html, and >> > maybe >> > something to do with style tags as well. >> > >> > Anyone have any insight into why I'm triggering the filter? >> >> > |
|
| Bookmarks |
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| OT:Malwarebytes update for today gives 18 False Positive results | R. McCarty | Windows XP | 2 | 04-02-2009 12:40 PM |
| positive comments on IE 8 | D. | Internet Explorer | 2 | 03-29-2009 08:46 AM |
| WGA False-Positive - a legally purchased copy reports that it's not genuine | Stefan | Windows Vista | 57 | 05-28-2007 06:40 PM |
| False positive hardware change. | superemu | Windows Vista | 11 | 04-26-2007 09:30 AM |
| New To Technology Questions? | Do You Need Help with Your Computer or Device? | Do You Need Help with this site? |
