- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SIM x_header_html broken with IE8 & IE9 XSS filter
I still have the same problem as the people in the following post from August 2010.
I can't find any place telling it's solved?
Any work around?
02-06-2012 12:21 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does adding this change anything? It's a meta tag IE added at some point that tells the browser to render for an earlier version, that way they don't need to bother updating their lousy browser. I know it works for rendering, what I don't know is if it affects how security is interpreted as well.
<meta http-equiv="X-UA-Compatible" content="IE=7">
02-06-2012 09:18 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
According the link above, the header is limited to 255 chars.
But, there must be some other limitations, because I have this:
<input type="hidden" name="x_header_html_payment_form" value="<link rel=stylesheet type=text/css href=https://xxxxxxx.xxxxxxxxxxx.xxx/xxx/authnet.css></style>">
and css file has only one line
.Page{background-color: red; }
and "IE has modified this page to help prevent cross-site scripting" even everything is 138 chars long.
<input type="hidden" name="x_header_html_payment_form" value="<style type=text/css media=screen>body{background-image:url(https://xxxxxxx.xxxxxxxxxxx.xxx/xxx/bg.jpg);background-repeat:repeat-x;}</style>">
also doesn't work, but
<input type="hidden" name="x_header_html_payment_form" value="<style type=text/css media=screen>.Page{background:#fff;width:776px;}</style>">
does work fine in IE.
02-06-2012 09:33 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@TJ
How am I going to add meta-tag? Also as a part of the value of x_header_payment_form?
02-06-2012 09:35 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
From the documentation:
x_header_html_payment_form
The hosted payment form header, Plain text or HTML. Avoid using double quotes.
The text or HTML submitted in this field is displayed as the header on the hosted payment form.
When using HTML styles or referencing a cascading style sheet (.css), it is recommended that you submit this field with the HTML Form POST. With this method there is no character limit.
From the context of it mentioning referencing a CSS file, it seems that this is in fact the page header, and as such you can put in a meta tag.
02-06-2012 09:58 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks TJ
:-)
02-07-2012 06:10 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did it work?
02-07-2012 07:16 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
meta tag didn't.
background image didn't work either.
but shortening x_header and switching logo from x_header to x_logo helped a lot...
and you made me to read Guide a little bit more patiently and detailed :smileylol:
02-07-2012 07:45 AM