Showing results for 
Search instead for 
Did you mean: 

SIM x_header_html broken with IE8 & IE9 XSS filter

I still have the same problem as the people in the following post from August 2010.


I can't find any place telling it's solved? 

Any work around?



Does adding this change anything? It's a meta tag IE added at some point that tells the browser to render for an earlier version, that way they don't need to bother updating their lousy browser. I know it works for rendering, what I don't know is if it affects how security is interpreted as well.


<meta http-equiv="X-UA-Compatible" content="IE=7">

According the link above, the header is limited to 255 chars.

But, there must be some other limitations, because I have this:


<input type="hidden" name="x_header_html_payment_form" value="<link rel=stylesheet type=text/css href=></style>">


and css file has only one line


.Page{background-color: red; }


and "IE has modified this page to help prevent cross-site scripting" even everything is 138 chars long.


<input type="hidden" name="x_header_html_payment_form" value="<style type=text/css media=screen>body{background-image:url(;background-repeat:repeat-x;}</style>">


also doesn't work, but

<input type="hidden" name="x_header_html_payment_form" value="<style type=text/css media=screen>.Page{background:#fff;width:776px;}</style>">


does work fine in IE.



How am I going to add meta-tag? Also as a part of the value of  x_header_payment_form?

From the documentation:


The hosted payment form header, Plain text or HTML. Avoid using double quotes.

The text or HTML submitted in this field is displayed as the header on the hosted payment form.

When using HTML styles or referencing a cascading style sheet (.css), it is recommended that you submit this field with the HTML Form POST. With this method there is no character limit.


From the context of it mentioning referencing a CSS file, it seems that this is in fact the page header, and as such you can put in a meta tag.

Thanks TJ


Did it work?

meta tag didn't.

background image didn't work either.

but shortening x_header and switching logo from x_header to x_logo helped a lot...

and you made me to read Guide a little bit more patiently and detailed :smileylol: