Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

XSS Filter False Positive

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 07-31-2009
Josh Isaac
 

Posts: n/a
XSS Filter False Positive
I am receiving IE8's new "Internet Explorer has modified this page to help
prevent cross-site scripting" message in my web app. In addition, the only
response IE8 shows is "#", instead of putting "#"s in the offending tags.

We are doing a post to an external domain, and cannot use the
X-XSS-Protection tag.

My post does contain html in the parameters that is reflected back in the
response; however, it doesn't contain any <script> tags or javascript.

I've been playing around with the submission, and it seems like the problem
has something to do with nested or too many tables in the html, and maybe
something to do with style tags as well.

Anyone have any insight into why I'm triggering the filter?
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 07-31-2009
PA Bear [MS MVP]
 

Posts: n/a
Re: XSS Filter False Positive
IE Developer Center
http://msdn.microsoft.com/en-us/ie/default.aspx

Learn IE8
http://msdn.microsoft.com/en-us/ie/aa740473.aspx

MSDN IE Development Forums
http://social.msdn.microsoft.com/for...iedevelopment/


Josh Isaac wrote:
> I am receiving IE8's new "Internet Explorer has modified this page to help
> prevent cross-site scripting" message in my web app. In addition, the
> only
> response IE8 shows is "#", instead of putting "#"s in the offending tags.
>
> We are doing a post to an external domain, and cannot use the
> X-XSS-Protection tag.
>
> My post does contain html in the parameters that is reflected back in the
> response; however, it doesn't contain any <script> tags or javascript.
>
> I've been playing around with the submission, and it seems like the
> problem
> has something to do with nested or too many tables in the html, and maybe
> something to do with style tags as well.
>
> Anyone have any insight into why I'm triggering the filter?


Reply With Quote
  #3 (permalink)  
Old 10-28-2009
Mike
 

Posts: n/a
Re: XSS Filter False Positive
I am seeing the message in the info bar. I clicked for more info and went
through all of the suggested steps to no avail. Is there any way to turn it
off or stop IE8 from modifying web pages? Please post responses in consumer
english.

"PA Bear [MS MVP]" wrote:

> IE Developer Center
> http://msdn.microsoft.com/en-us/ie/default.aspx
>
> Learn IE8
> http://msdn.microsoft.com/en-us/ie/aa740473.aspx
>
> MSDN IE Development Forums
> http://social.msdn.microsoft.com/for...iedevelopment/
>
>
> Josh Isaac wrote:
> > I am receiving IE8's new "Internet Explorer has modified this page to help
> > prevent cross-site scripting" message in my web app. In addition, the
> > only
> > response IE8 shows is "#", instead of putting "#"s in the offending tags.
> >
> > We are doing a post to an external domain, and cannot use the
> > X-XSS-Protection tag.
> >
> > My post does contain html in the parameters that is reflected back in the
> > response; however, it doesn't contain any <script> tags or javascript.
> >
> > I've been playing around with the submission, and it seems like the
> > problem
> > has something to do with nested or too many tables in the html, and maybe
> > something to do with style tags as well.
> >
> > Anyone have any insight into why I'm triggering the filter?

>
>

Reply With Quote
  #4 (permalink)  
Old 10-29-2009
rob^_^
 

Posts: n/a
Re: XSS Filter False Positive
Google Adsence or AddThis script injections..


"Mike" <Mike@discussions.microsoft.com> wrote in message
news:55B76A7B-B091-4BFE-83F0-B8AA5D5DE6A8@microsoft.com...
> I am seeing the message in the info bar. I clicked for more info and went
> through all of the suggested steps to no avail. Is there any way to turn
> it
> off or stop IE8 from modifying web pages? Please post responses in
> consumer
> english.
>
> "PA Bear [MS MVP]" wrote:
>
>> IE Developer Center
>> http://msdn.microsoft.com/en-us/ie/default.aspx
>>
>> Learn IE8
>> http://msdn.microsoft.com/en-us/ie/aa740473.aspx
>>
>> MSDN IE Development Forums
>> http://social.msdn.microsoft.com/for...iedevelopment/
>>
>>
>> Josh Isaac wrote:
>> > I am receiving IE8's new "Internet Explorer has modified this page to
>> > help
>> > prevent cross-site scripting" message in my web app. In addition, the
>> > only
>> > response IE8 shows is "#", instead of putting "#"s in the offending
>> > tags.
>> >
>> > We are doing a post to an external domain, and cannot use the
>> > X-XSS-Protection tag.
>> >
>> > My post does contain html in the parameters that is reflected back in
>> > the
>> > response; however, it doesn't contain any <script> tags or javascript.
>> >
>> > I've been playing around with the submission, and it seems like the
>> > problem
>> > has something to do with nested or too many tables in the html, and
>> > maybe
>> > something to do with style tags as well.
>> >
>> > Anyone have any insight into why I'm triggering the filter?

>>
>>

>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
CA Apologizes for False Positive , (Sun, Jul 12th) Steve Security News 0 07-12-2009 18:00
too many false positive jumk email anna microsoft.public.windows.vista.mail 1 11-18-2007 16:03
MySpace Gets False Positive In Sex Offender Search Steve General Technology News 0 05-30-2007 18:45
Symantec false positive cripples thousands of Chinese PCs Steve Security News 0 05-19-2007 05:04
False positive hardware change. superemu microsoft.public.windows.vista.general 11 04-26-2007 17:16




All times are GMT +1. The time now is 07:50.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120