XSS Filter False Positive
I am receiving IE8's new "Internet Explorer has modified this page to help
prevent cross-site scripting" message in my web app. In addition, the only
response IE8 shows is "#", instead of putting "#"s in the offending tags.
We are doing a post to an external domain, and cannot use the
My post does contain html in the parameters that is reflected back in the
I've been playing around with the submission, and it seems like the problem
has something to do with nested or too many tables in the html, and maybe
something to do with style tags as well.
Anyone have any insight into why I'm triggering the filter?