by   April 26 2012   
Internet Explorer has modified this page to prevent cross-site scripting. I’ve read about this error and also read about what people are shutting down to avoid this warning IE offers. If it's your own website's issue then you might take a look at the code a little better. It's something we all have to deal with. It's important to weigh out the risks. If it's your local trusted network then follow the PDF linked in the article.

Internet Explorer has modified this page to prevent cross-site scripting.

When I first published this article about XSS filters, I actually thought that people were interested in how to identify a possible security issue. But from what I am seeing in the online community, more are looking to disable the XSS filter in IE 8 and 9.

Update 7-27-2012: Before you follow the guide on how to disable this feature, I'd like to tell you that the server you are currently using enforces XSS protection. So even if you have your protection disabled, I run it at the server level to protect you and my equipment. I have found many advertisers using XSS in Flash and text advertisements. If you see the warning you can right-click the # sign and click on Properties. Copy the URL and paste it into your browser, then view the source code. To date I have found only one advertisement that had over 40,000 characters! To display a College you need to add 40,000 characters of JavaScript? No, it slows the sites down, it's spying, and it's wrong to monitor keystrokes from visitors. I support blocking advertisers that use this type of script and have a block list pages long.

You're my guest and I want you to be safe. I do what I can, now it's up to you. The XSS warning might be something your site shows often which should be your first clue to start rethinking your scripts and your advertisers. 

End Update 7-27-2012

If that is what you would like to do, here’s the fastest method of disabling your XSS filters.

  1. Click on Start to bring up your search or run line.
  2. Type inetcpl.cpl in the search line.
  3. Press the enter key.
  4. Click the Security Tab (from Internet Properties)
  5. Select Internet or Local Intranet or Trusted Sites.
    • Internet zone is all the www world. Do you trust everything?
    • Local Intranet is your local LAN, like 192.168.0.1; it should be harmless unless you missed something.
    • Trusted Sites are sites you totally trust.
  6. Click Custom Level
  7. Scroll down to Scripting
  8. Set Enable XSS Filter to Disable
  9. Click OK
  10. Click OK again (saves and closes Internet Properties)
  11. Optional: Close Internet Explorer (To be sure you have your properties loaded)
  12. Also Optional: Open Internet Explorer

Now that you have your XSS Filter disabled, you are free to surf without a warning or # sign to show you what XSS code was filtered.

To show you how to disable XSS for your trusted networks, Princeton.edu has a nice PDF. Thanks to the IT people at Princeton.edu for the trusted network campus XSS settings; view the PDF here.

I hope the steps above helped you disable your XSS filters on your trusted and local connections. If you disabled XSS on your Internet side please read more.

I will suggest more reading and offer you some sample code that I have taken from one of my own sites that had a third-party advertiser (no longer allowed) running data collection scripts that the MS XSS filter picked out quickly. I was able to save the code via the # symbol that the IE 8 and 9 XSS filter places in the placeholder of the script.

Video about what the IE XSS Filter does: click here.

XSS, or Cross Site Scripting, is basically when a script is run from a website other than the one you are currently visiting.

Think of it as a third-party cookie (you block those, right?): these scripts have no real reason to be on the website, do not interact with the actual website, and basically do nothing more than collect information about you. Cash in pocket.

In the video they make it look like a hacker, which could be possible. But on your privacy side of life they should show a more believable looking image, maybe something like this. I'll use this image instead of a masked bandit any day.
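The source review described in the 7-27-2012 update (open the page source, see where each script comes from and how large it is) can be automated for a site you run. This is an added example, not the author's sample code; the 40,000-character threshold is borrowed from the advertisement mentioned in the update, and the hostnames and sample page are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SIZE_LIMIT = 40_000  # assumed threshold, borrowed from the 40,000-character ad

class ScriptInventory(HTMLParser):
    """Record every <script>: the host it loads from, or its inline size."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_host = page_url, urlparse(page_url).hostname
        self.scripts = []    # one dict per <script>, in document order
        self._inline = None  # text buffer while inside an inline script

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            # Resolve against the page; exact host match, so subdomains count as third party.
            host = urlparse(urljoin(self.page_url, src)).hostname
            self.scripts.append({"kind": "external", "host": host,
                                 "third_party": host != self.page_host})
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            size = len("".join(self._inline))
            self.scripts.append({"kind": "inline", "chars": size,
                                 "oversized": size > SIZE_LIMIT})
            self._inline = None

def review(page_url, html):
    parser = ScriptInventory(page_url)
    parser.feed(html)
    parser.close()
    return parser.scripts

# Constructed sample page; hostnames are placeholders, not from the article.
SAMPLE = ('<html><body><script src="/js/site.js"></script>'
          '<script src="//ads.example.net/track.js"></script>'
          '<script>' + "x=1;" * 10_001 + '</script></body></html>')

if __name__ == "__main__":
    print(*review("http://www.example.com/index.html", SAMPLE), sep="\n")
```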

More information about Advertisers using XSS to collect information even if you don't click the advertisement.

Have a safe .../.../.../...'...'...' ...' /////// Cross Scripting free day!

 
