Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off


Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off

How to Turn the Cross-site Scripting (XSS) Filter On or Off in IE8 and IE9
Published by Brink
16 Jun 2011
Published by

How to Turn the Cross-site Scripting (XSS) Filter On or Off in IE8 and IE9

information   Information
Cross-site scripting attacks are a leading online threat. Their aim is to exploit vulnerabilities in the websites you visit. How do they work? By compromising legitimate websites with malicious content that can capture keystrokes and record your login information and password. If your login information and password is captured, your personal data could be compromised.

Internet Explorer (IE8 and IE9) has a Cross-Site Scripting (XSS) Filter feature that can help prevent one website from adding potentially malicious script code to another website. XSS Filter analyzes how websites interact, and when it recognizes a potential attack, it will automatically block script code from running. When this happens, you will see a message in the Notification bar letting you know that the webpage was modified to help protect your privacy and security.

By default the XSS Filter is turned on in IE8 and IE9. This tutorial will show you how to turn the XSS Filter on or off.


For more detailed information about the XSS Filter in IE8 and IE9, see:
Note   Note
If the modified webpage doesn't work properly, in a new browser window, go to the website's home page, and then navigate to the webpage directly. If the page still doesn't work correctly, contact the website's administrator.
warning   Warning
It is not recommended to turn off the XSS Filter in IE8 and IE9. Doing so will leave you vulnerable to cross-site scripting attacks as explained above.


EXAMPLE: XSS Filter Alert Message in Internet Explorer
NOTE: When the XSS Filter detects script in a cross-site request, it identifies and disables the script if it is replayed in the server's response. When this happens, a "Internet Explorer has modified this page to help prevent cross-site scripting." message is displayed at the bottom of the webpage in IE8 or IE9.
Name:  Capture.JPG
Views: 54887
Size:  17.3 KB


Here's How:
1. In Internet Explorer, click on Tools (Menu bar) or gear icon (in IE9), and click on Internet Options.

2. In Internet Options, click on the Security tab, select the Internet zone, and click on the Custom level button. (see screenshot below)
Name:  Step1.jpg
Views: 53656
Size:  86.2 KB
3. Scroll down to the Enable XSS Filter option under the Scripting section. (see screenshot below)
Name:  Step2.jpg
Views: 53807
Size:  70.3 KB
4. To Turn On the XSS Filter in IE8 or IE9
NOTE: This is the default setting.
A) Select (dot) Enable under Enable XSS Filter, and click on OK. (see screenshot below step 3)

B) Go to step 6.
5. To Turn Off the XSS Filter in IE8 or IE9
A) Select (dot) Disable under Enable XSS Filter, and click on OK. (see screenshot below step 3)
6. Click on OK. (see screenshot below step 2)
That's it,
Shawn




03 Jul 2011   #1
MadSupra354

 

Thanks for posting! Helped


My System SpecsSystem Spec
03 Jul 2011   #2
Brink
Microsoft MVP

64-bit Windows 10 build 10074
 
 

You're most welcome Craig.
My System SpecsSystem Spec
Comment

 Internet Explorer - Cross-site Scripting (XSS) Filter - Turn On or Off




Tutorial Tools





Similar help and support threads
Windows 7 Tutorial Category
Internet Explorer SmartScreen Filter - Report Unsafe Website
How to Report an Unsafe Website with SmartScreen Filter in Internet Explorer This will show you how to either report a website as unsafe or report a website flagged as unsafe as safe with SmartScreen Filter in IE8, IE9, or IE10. To Report Unsafe Website with SmartScreen Filter 1. In...
Tutorials
Internet Explorer SmartScreen Filter - Turn On or Off
How to Turn "SmartScreen Filter" On or Off in Internet Explorer SmartScreen Filter is a feature in IE8, IE9, IE10, or IE11 that helps detect phishing websites, and can also help protect you from installing malicious software or malware. Online phishing (pronounced like the word fishing)...
Tutorials
InPrivate Filter Manager for Internet Explorer 8
InPrivate Browsing enables you to surf the web without leaving a trail in Internet Explorer. This helps prevent anyone else who might be using your computer from seeing where you visited and what you have looked at on the web. You can start InPrivate Browsing from the new tab page or the Safety...
Browsers & Mail
IE9 and Cross-site Scripting
I have IE 9. Does anyone know if I can shut this off? This happens when I try to click to see my profile. A pop up of my profile would come up. TY
Browsers & Mail
Internet Explorer 8 SmartScreen Filter Reaches Important Milestone
More - Internet Explorer 8 SmartScreen Filter Reaches Important Milestone
News
Guidance on Internet Explorer XSS Filter
More...
News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 11:05.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App