XSS Filter False Positive

Discussion in 'Internet Explorer' started by Josh Isaac, Jul 31, 2009.

  1. Josh Isaac

    Josh Isaac Guest

    I am receiving IE8's new "Internet Explorer has modified this page to help
    prevent cross-site scripting" message in my web app. In addition, the only
    response IE8 shows is "#", instead of putting "#"s in the offending tags.

    We are doing a post to an external domain, and cannot use the
    X-XSS-Protection tag.

    My post does contain html in the parameters that is reflected back in the
    response; however, it doesn't contain any <script> tags or javascript.

    I've been playing around with the submission, and it seems like the problem
    has something to do with nested or too many tables in the html, and maybe
    something to do with style tags as well.

    Anyone have any insight into why I'm triggering the filter?
     
    Josh Isaac, Jul 31, 2009
    #1
    1. Advertisements

    1. Advertisements

  2. Josh Isaac

    Mike Guest

    I am seeing the message in the info bar. I clicked for more info and went
    through all of the suggested steps to no avail. Is there any way to turn it
    off or stop IE8 from modifying web pages? Please post responses in consumer
    english.
     
    Mike, Oct 28, 2009
    #3
  3. Josh Isaac

    rob^_^ Guest

    Google Adsence or AddThis script injections..


     
    rob^_^, Oct 29, 2009
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.