We have several sites in our local network that have found their way onto Internet Explorer 8's bad list when it comes to XSS. These are not necessarily sites we have developed; some are part of third-party published applications that provide a web interface. There's a quick way to disable the filter for trusted sites through IE settings, which I will show below. First, let's take a look at what XSS is…
What is XSS? Is it like CSS?
How do I bypass the filter for trusted sites?
Generally you wouldn't want to turn XSS filtering in IE 8 off at a global level unless there is a great reason to do so. Instead, I added the site I want to adjust to my Trusted Sites group and then changed the settings for that zone only.
Head to Tools -> Internet Options -> Security. Click on “Trusted Sites” and click the “Custom Level” button.
Scroll down in the options until you see “Enable XSS Filter” and choose “Disable”.
While you are in there, you may also want to adjust for mixed http and https content. You can do that under the heading “Display Mixed Content”.
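To confirm the change stayed scoped to Trusted Sites, the following added example (not part of the original post) reads the per-user zone settings from the registry and lists which sites now inherit them. It assumes the settings live under HKCU and are not overridden by Group Policy; 1409 and 1609 are the zone values for the XSS filter and mixed content options.

```powershell
# Added example: audit the IE zone settings changed in the steps above.
# Assumption: per-user settings under HKCU, no Group Policy override.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames  = @{ 0 = 'Local Machine'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'
                 3 = 'Internet';      4 = 'Restricted Sites' }
$xssState   = @{ 0 = 'Enabled'; 3 = 'Disabled' }               # value 1409
$mixedState = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' } # value 1609

# One row per zone: is the XSS filter on, and how is mixed content handled?
$report = foreach ($zone in 0..4) {
    $props = Get-ItemProperty -Path "$base\Zones\$zone" -ErrorAction SilentlyContinue
    $xss   = $props.'1409'
    $mixed = $props.'1609'
    [pscustomobject]@{
        Zone         = $zoneNames[$zone]
        XssFilter    = if ($null -eq $xss)   { 'Not set (default applies)' } else { $xssState[[int]$xss] }
        MixedContent = if ($null -eq $mixed) { 'Not set (default applies)' } else { $mixedState[[int]$mixed] }
    }
}
$report | Format-Table -AutoSize

# The filter should only ever be off for Trusted Sites; flag anything else.
$report | Where-Object { $_.XssFilter -eq 'Disabled' -and $_.Zone -ne 'Trusted Sites' } |
    ForEach-Object { Write-Warning "XSS filter is disabled for the '$($_.Zone)' zone" }

# Every site mapped to zone 2 runs without the filter once it is disabled there,
# so list them and check that each one really belongs.
$trusted = Get-ChildItem -Path "$base\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {       # value name = protocol (http, https, *)
            if ($key.GetValue($name) -eq 2) {           # value data = zone number
                # Key path is Domains\<domain>[\<subdomain>]; rebuild the host name.
                $parts = @((($key.Name -split '\\Domains\\', 2)[1]) -split '\\')
                [array]::Reverse($parts)
                '{0}://{1}' -f $name, ($parts -join '.')
            }
        }
    }
'Sites in the Trusted Sites zone:'
$trusted
```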
I hope you found this post useful … it’s just one of those things we learn as IE 8 is used more. Overall I’m very thankful for the update IE 8 has provided.