Using IE8 to mitigate XSS attack


Yesterday I was playing a little bit with IE8 when I received the following warning message in IE window:


 


Internet Explorer has modified this page to prevent a potential cross-site-scripting attack.


 


Yep, that’s right: IE8 now mitigates XSS attack by using the built in XSS Filter. Do you want to know more about this? Check this great explanation/demo below:


http://msdn.microsoft.com/en-us/library/cc994337(VS.85).aspx


 


Also, you can review why IE Team adopted this new approach to prevent XSS attack:


http://blogs.msdn.com/ie/archive/2008/09/29/statistical-validation-of-the-ie8-xss-filter.aspx