tags:

views:

377

answers:

1
+1  Q: 

How to find the source of IE8 Internet explorer has modified this page to help prevent cross-site scripting

One of my customers gets "Internet explorer has modified this page to help prevent cross-site scripting" error on her website on IE8.

The page has several ajax calls to the same domain + calls to standard js files outside the domain such as google analytics.

How can I detect which call from the browser is actually causing it?

A: 

You can see your request and other error information with the help of IE Developer Toolbar. See its documentation for more info about it. It is addon of IE, once you install it, it will be integrated into IE.

Sarfraz  2010-02-24 11:31:15
I have tried to find the reason with IE developer toolbar, but it does not seem to help identify which of the calls is causing the specific error.
Nir  2010-02-24 11:37:47
@Nir: did you have a look at its documentation, it does provide a way to see the requests.
Sarfraz  2010-02-24 11:43:24
I'm using debugbar to see the requests. I see ajax requests but they are from the same domain + a call to google analytics. I need to find a way to get to the exact request that is causing it.
Nir  2010-02-24 12:07:50

related questions

Why does this remote script cause IE6 to hang?
HTTP input filter like mod_security for WebSphere?
Should I sanitize HTML markup for a hosted CMS?
HTML/Javascript app that runs on the filesystem, security issue
Gracefully closing a frame (toolbar) around an iframe
What's the best method for sanitizing user input with PHP?
How do you htmlencode using html agility pack?
XSS Blacklist - Is anyone aware of a reasonable one?
Do htmlspecialchars and mysql_real_escape_string keep my PHP code safe from injection?
What percentage of my time will be spent in user input verfication during web development?
How do you allow the usage of an <img> while preventing XSS?
What are the best practices for avoid xss attacks in a PHP site
How do use fckEditor safely, without risk of cross site scripting?
Will HTML Encoding prevent all kinds of XSS attacks?
Inform potential clients about security vulnerabilities?
Best Practice: Legitimate Cross-Site Scripting
Access to restricted URI denied code: 1012
How do you set up use HttpOnly cookies in PHP
When is it Best to Sanitize User Input?
How exactly do you configure httpOnlyCookies in ASP.NET?
How do you configure HttpOnly cookies in tomcat / java webapps?
Communicating between websites (using Javascript or ?)
Best regex to catch XSS (Cross-site Scripting) attack (in Java)?
Sanitising user input using Python
Catching SQL Injection and other Malicious Web Requests