website statistics
Using IE8 to mitigate XSS attack - Yuri Diogenes's Blog - Site Home - TechNet Blogs

Yuri Diogenes's Blog

Thoughts from a Senior Knowledge Engineer @ Microsoft Data Center, Devices & Enterprise Client – CSI (Solutions Group)

Using IE8 to mitigate XSS attack

Using IE8 to mitigate XSS attack

  • Comments 1
  • Likes

Yesterday I was playing a little bit with IE8 when I received the following warning message in IE window:

 

Internet Explorer has modified this page to prevent a potential cross-site-scripting attack.

 

Yep, that’s right: IE8 now mitigates XSS attack by using the built in XSS Filter. Do you want to know more about this? Check this great explanation/demo below:

http://msdn.microsoft.com/en-us/library/cc994337(VS.85).aspx

 

Also, you can review why IE Team adopted this new approach to prevent XSS attack:

http://blogs.msdn.com/ie/archive/2008/09/29/statistical-validation-of-the-ie8-xss-filter.aspx

 

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment