Internet Explorer has modified this page to prevent cross-site scripting.
When I first published this article about XSS filters I actually thought that people were interested in how to identify a possible security issue. But from what I am seeing in the online community more are looking to disable the XSS filter in IE 8 and 9.
You're my guest and I want you to be safe. I do what I can; now it's up to you. The XSS warning might be something your site shows often, which should be your first clue to start rethinking your scripts and your advertisers.
End Update 7-27-2012
If that is what you would like to do, here’s the fastest method of disabling your XSS filters.
- Click on start to bring up your search or run line.
- Type inetcpl.cpl in the search line
- Press the enter key.
- Click the Security Tab (from Internet Properties)
- Select Internet or Local Intranet or Trusted Sites.
  - Internet zone is all the www world. Do you trust everything?
  - Local Intranet is your local LAN, like 192.168.0.1. It should be harmless unless you missed something.
  - Trusted Sites are sites you totally trust.
Now that you have your XSS Filter disabled, you are free to surf without a warning or # sign to show you what XSS code was filtered.
To show you how to disable XSS for your trusted networks, Princeton.edu has a nice PDF. Thanks, IT people at Princeton.edu, for the trusted network campus XSS settings; view PDF here.
I hope the steps above helped you disable your XSS filters on your trusted and local connections. If you disabled XSS on your Internet side, please read more.
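To confirm which zones actually have the filter switched off after changing the settings above, here is an added PowerShell audit (not part of the original article). The registry paths and the value name are not given in the article: the script relies on Internet Explorer storing the "Enable XSS filter" choice as URL action 1409 under each zone's key, where 0 means enabled and 3 means disabled.

```powershell
# Added example: report the IE XSS filter state per security zone.
# URL action 1409 = "Enable XSS filter" (0 = enabled, 3 = disabled).
$zones = @(
    @{ Id = 1; Name = 'Local Intranet' },
    @{ Id = 2; Name = 'Trusted Sites' },
    @{ Id = 3; Name = 'Internet' }
)

# Per-user settings plus the policy locations that can override them.
$roots = @(
    @{ Scope = 'User setting';   Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' },
    @{ Scope = 'User policy';    Path = 'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' },
    @{ Scope = 'Machine policy'; Path = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones' }
)

function Get-XssFilterState {
    param([string]$ZonePath)
    # A missing key or value is not an error here: the zone default applies.
    $item = Get-ItemProperty -Path $ZonePath -Name '1409' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set (zone default applies)' }
    switch ([int]$item.'1409') {
        0       { 'ENABLED' }
        3       { 'DISABLED' }
        default { "unexpected value $_" }
    }
}

$report = foreach ($root in $roots) {
    foreach ($zone in $zones) {
        [pscustomobject]@{
            Scope     = $root.Scope
            Zone      = $zone.Name
            XssFilter = Get-XssFilterState -ZonePath (Join-Path $root.Path $zone.Id)
        }
    }
}

$report | Format-Table -AutoSize

# The Internet zone covers every untrusted site, so flag it explicitly.
$report |
    Where-Object { $_.Zone -eq 'Internet' -and $_.XssFilter -eq 'DISABLED' } |
    ForEach-Object { Write-Warning "XSS filter is disabled for the Internet zone ($($_.Scope))." }
```

Run it as the user whose browser settings you changed; the script only reads the registry.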
I will suggest more reading and offer you some sample code that I have taken from one of my own sites that had a third party advertiser (no longer allowed) running data collection scripts that the MS XSS filter picked out quickly. I was able to save the code via the # symbol that the IE 8 and 9 XSS filter places in the placeholder of the script.
Video about what the IE XSS Filter does: click here.
XSS, or Cross Site Scripting, is basically when a script is run from a website other than the one you are currently visiting.
Think of it like third-party cookies (you block those, right?): they have no real reason to be on the website, basically do nothing more than collect information about you, and do not interact with the actual website.
In the video they make it look like a hacker, which could be possible. But on your privacy side of life they should show a more believable-looking image, maybe something like this. I'll use this image instead of a masked bandit any day.
More information about Advertisers using XSS to collect information even if you don't click the advertisement.
Have a safe .../.../.../...'...'...' ...' /////// Cross Scripting free day!