Tuesday 12 January 2010 — This is 15 years old. Be careful.
I’ve been struggling with the XSS filter in IE8. It seems capricious and secretive, and is getting in the way of an application we’re running on AOL.com. I asked about it on stackoverflow, and got some more information, but still not enough to get it out of my hair.
Anyone have any experience with this beast?
Comments
For reference, here are some articles on the filter that describe our goals, design philosophy, and architecture:
http://blogs.msdn.com/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
http://blogs.technet.com/srd/archive/2008/08/19/ie-8-xss-filter-architecture-implementation.aspx
http://blogs.msdn.com/dross/archive/2008/07/03/ie8-xss-filter-design-philosophy-in-depth.aspx
If you'd like to get in contact with me but are unable to see the email address associated with this post, please drop me a note here:
http://blogs.msdn.com/dross/contact.aspx
It looks like you may already be in good shape with the header and I see EricLaw responded on StackOverflow. Please let me know if you have any further issues/questions/feedback though, I'd be happy to chat.
Add a comment: