Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off

    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off

    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off

    How to Turn the Cross-site Scripting (XSS) Filter On or Off in IE8 and IE9
    Published by
    Designer Media Ltd


    How to Turn the Cross-site Scripting (XSS) Filter On or Off in IE8 and IE9

       Information
    Cross-site scripting attacks are a leading online threat. Their aim is to exploit vulnerabilities in the websites you visit. How do they work? By compromising legitimate websites with malicious content that can capture keystrokes and record your login information and password. If your login information and password is captured, your personal data could be compromised.

    Internet Explorer (IE8 and IE9) has a Cross-Site Scripting (XSS) Filter feature that can help prevent one website from adding potentially malicious script code to another website. XSS Filter analyzes how websites interact, and when it recognizes a potential attack, it will automatically block script code from running. When this happens, you will see a message in the Notification bar letting you know that the webpage was modified to help protect your privacy and security.

    By default the XSS Filter is turned on in IE8 and IE9. This tutorial will show you how to turn the XSS Filter on or off.


    For more detailed information about the XSS Filter in IE8 and IE9, see:
       Note
    If the modified webpage doesn't work properly, in a new browser window, go to the website's home page, and then navigate to the webpage directly. If the page still doesn't work correctly, contact the website's administrator.
       Warning
    It is not recommended to turn off the XSS Filter in IE8 and IE9. Doing so will leave you vulnerable to cross-site scripting attacks as explained above.


    EXAMPLE: XSS Filter Alert Message in Internet Explorer
    NOTE: When the XSS Filter detects script in a cross-site request, it identifies and disables the script if it is replayed in the server's response. When this happens, a "Internet Explorer has modified this page to help prevent cross-site scripting." message is displayed at the bottom of the webpage in IE8 or IE9.
    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off-capture.jpg



    Here's How:
    1. In Internet Explorer, click on Tools (Menu bar) or gear icon (in IE9), and click on Internet Options.

    2. In Internet Options, click on the Security tab, select the Internet zone, and click on the Custom level button. (see screenshot below)
    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off-step1.jpg
    3. Scroll down to the Enable XSS Filter option under the Scripting section. (see screenshot below)
    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off-step2.jpg
    4. To Turn On the XSS Filter in IE8 or IE9
    NOTE: This is the default setting.
    A) Select (dot) Enable under Enable XSS Filter, and click on OK. (see screenshot below step 3)

    B) Go to step 6.
    5. To Turn Off the XSS Filter in IE8 or IE9
    A) Select (dot) Disable under Enable XSS Filter, and click on OK. (see screenshot below step 3)
    6. Click on OK. (see screenshot below step 2)
    That's it,
    Shawn







  1. Posts : 795
    10 Home x64
       #1

    Thanks for posting! Helped :)
      My Computer


  2. Posts : 71,959
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2

    You're most welcome Craig. :)
      My Computer


  3. Posts : 678
    Windows 7 home premium 64 bit
       #3

    I'm baffled. As usual. This is a Windows 7 forum, is it not? Why would anyone running Windows 7 be using Internet Explorer 8 or 9? Even when I've reinstalled a fresh copy of W7 my default browser was IE10. I don't even think you can download IE8 or 9 on a W7 machine.

    I am regularly getting these cross-scripting messages on IE11 and did a Google search. It returned this baffling page, which was of no use to me, but made me curious about why the page exists.
      My Computer


  4. Posts : 17,322
    Win 10 Pro x64
       #4

    You have to take into account the date this tutorial was created,

    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off-2016-04-27_18h42_30.png

    At which time they were the latest browsers.

    I'm sure there are some people out there who still have those older browsers.

    There are a lot of older threads here that have been resigned to the dusty areas, because newer software or better methods have taken their place.

    We don't, as a rule, just delete threads because they get old.
      My Computer


  5. Posts : 20,583
    Win-7-Pro64bit 7-H-Prem-64bit
       #5

    boweasel said:

    I am regularly getting these cross-scripting messages on IE11 and did a Google search. It returned this baffling page, which was of no use to me, but made me curious about why the page exists.
    Hi,
    Some things never change in browser versions example these settings still exist in ie11

    Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off-xss-filter.jpg
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:08.
Find Us