topic XSS and IE8 - a common problem and its solution in News and Announcements https://community.developer.cybersource.com/t5/News-and-Announcements/XSS-and-IE8-a-common-problem-and-its-solution/m-p/5946#M52 <P>When IE8 was released, they added a new XSS (Cross-Site Scripting) filter which is turned on for all users by default. The purpose of the filter is to detect and mitigate a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when a website, generally malicious, adds JScript to otherwise legitimate requests to another website. You can read more about it at <A rel="nofollow" href="http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx" target="_self">http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx</A>. <BR /><BR />To prevent triggering the filter, you should avoid putting script into any of the form fields that you submit to avoid this issue with IE8. This includes &lt;script&gt; tags or &lt;script&gt; tags plus other ways of injecting script on to the page. This also includes the &lt;link rel="stylesheet" type="text/css" href="https://server/our.css"&gt; tag, as Microsoft considers it to be a potential XSS attack. <BR /><BR />Basically you can't put &lt;script&gt; tags or &lt;link to stylesheet&gt; tags or &lt;style&gt; tags in your code at all, or you'll receive the error.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Michelle</P> <P>Developer Community Manager</P> Thu, 30 Sep 2010 20:53:39 GMT Michelle 2010-09-30T20:53:39Z XSS and IE8 - a common problem and its solution https://community.developer.cybersource.com/t5/News-and-Announcements/XSS-and-IE8-a-common-problem-and-its-solution/m-p/5946#M52 <P>When IE8 was released, they added a new XSS (Cross-Site Scripting) filter which is turned on for all users by default. The purpose of the filter is to detect and mitigate a cross-site scripting (XSS) attack. Cross-site scripting attacks occur when a website, generally malicious, adds JScript to otherwise legitimate requests to another website. You can read more about it at <A rel="nofollow" href="http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx" target="_self">http://msdn.microsoft.com/en-us/library/dd565647%28VS.85%29.aspx</A>. <BR /><BR />To prevent triggering the filter, you should avoid putting script into any of the form fields that you submit to avoid this issue with IE8. This includes &lt;script&gt; tags or &lt;script&gt; tags plus other ways of injecting script on to the page. This also includes the &lt;link rel="stylesheet" type="text/css" href="https://server/our.css"&gt; tag, as Microsoft considers it to be a potential XSS attack. <BR /><BR />Basically you can't put &lt;script&gt; tags or &lt;link to stylesheet&gt; tags or &lt;style&gt; tags in your code at all, or you'll receive the error.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>&nbsp;</P> <P>Michelle</P> <P>Developer Community Manager</P> Thu, 30 Sep 2010 20:53:39 GMT https://community.developer.cybersource.com/t5/News-and-Announcements/XSS-and-IE8-a-common-problem-and-its-solution/m-p/5946#M52 Michelle 2010-09-30T20:53:39Z