Using IE8 to mitigate XSS attack
Yesterday I was playing a little bit with IE8 when I received the following warning message in IE window:
Internet Explorer has modified this page to prevent a potential cross-site-scripting attack.
Yep, that’s right: IE8 now mitigates XSS attack by using the built in XSS Filter. Do you want to know more about this? Check this great explanation/demo below:
https://msdn.microsoft.com/en-us/library/cc994337(VS.85).aspx
Also, you can review why IE Team adopted this new approach to prevent XSS attack:
https://blogs.msdn.com/ie/archive/2008/09/29/statistical-validation-of-the-ie8-xss-filter.aspx