Internet Explorer cross-site scripting warning
I came across the warning “Internet Explorer has modified this page to help prevent cross-site scripting.” which is triggered by the IE8 security filter.
However, IE gives no clues of why the warning was triggered or what was modified to prevent it. Annoying.
To get some more information you must download Microsoft Application Compatibility Toolkit and run the Internet Explorer Compatibility Test Tool.
More information about this particular issue with XSS is available here.
It is possible to stop this warning from occuring (beside actually fixing the underlying issue) by adding a custom header entry: X-XSS-Protection: 0
Internet Explorer 8 is really good. This browser is very very stable and i have been using it for quite a while without blue screens or crashes.
I have an ajax app that is being broken by this “feature” of IE.
I have tried setting the x-xss-protection header to 0 and verified its in place but it does not disable the stupid feature!
It breaks a request I make to a hidden iframe to generate page content.
anyone had any luck getting legit apps through this feature?