Cross-site scripting message in notification bar

Very common message. I’ve been seeing this for a while. Pops up at the bottom of the Internet Explorer window. In the notification bar.

image

image

The hyperlink (URL) that I had opened to trigger the above message is the following:

http://electronics.howstuffworks.com/gadgets/other-gadgets/10-gadgets-that-will-make-dads-day.htm

I’m pretty sure that http://www.howstuffworks.com or http://howstuffworks.com (without the www.) was added to the Trusted Sites zone but fairly certain that http://electronics.howstuffworks.com is not.

I tried adding the following URL to the Trusted Sites zone in Internet Explorer 10.

http://electronics.howstuffworks.com

imageTools, Internet Options, Security tab, Trusted Sites, Sites, Add button

In my case, the address http://electronics.howstuffworks.com is pre-populated (already there) in the Add this website to the zone box. So I just had to click the Add button and the Close button in the lower right of the Trusted Sites dialog box.

image

Then OK:

image

image
Result
Same message

Internet Explorer has modified this page to help prevent cross-site scripting.


If you’re in a corporate, locked down environment, the only thing you can do at this point is modify the Internet Explorer settings. But many organizations do control or govern their systems, including Windows and its native web browsing application, Internet Explorer. The best thing I can offer to any end-user (information worker) having this message is to simply click on the x on the right of the message bar at the bottom of Internet Explorer.

Search

Bing

internet explorer 9 messages at bottom

Answer

Internet Explorer 9 Notification bar: frequently asked questions

Can I ignore notifications?

Yes. The bar might be displayed until you navigate to a new webpage or click the Close button. For notifications involving security or privacy, Internet Explorer automatically takes the most secure action, and allows you to take less secure actions if you’re confident they won’t put your computer or information in danger.

Solution

image

Click the x to ignore the message and close the notification bar. The bar should [I think] also simply close itself if you do nothing, within like 5-10 seconds.

Forum

Microsoft Answers

How do I prevent Internet Explorer from modifying pages for cross-site scripting? Under the security tab for IE8 there is a new Scripting Section for XSS Filter, Disable it and the issue goes away.

 

I don’t ever touch this setting unless there’s some business justification or an RFP (request for proposal) outlining why it’s feasible to disable that setting. However, if you’re not at work and just in the context of a home computer, not used for business, then I’d suggest do it only if you understand what it does.

For more on the [Cross Site Scripting] XSS Filter, read the following articles:

More Information


MSDN Library

Event 1046 – Cross-Site Scripting Filter

Administrators


Windows Help

Cross-site scripting filter

Information workers, home, and end-users

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s