Cross-site scripting message in notification bar

Very common message. I’ve been seeing this for a while. Pops up at the bottom of the Internet Explorer window. In the notification bar.

image

image

The hyperlink (URL) that I had opened to trigger the above message is the following:

http://electronics.howstuffworks.com/gadgets/other-gadgets/10-gadgets-that-will-make-dads-day.htm

I’m pretty sure that http://www.howstuffworks.com or http://howstuffworks.com (without the www.) was added to the Trusted Sites zone but fairly certain that http://electronics.howstuffworks.com is not.

I tried adding the following URL to the Trusted Sites zone in Internet Explorer 10.

http://electronics.howstuffworks.com

imageTools, Internet Options, Security tab, Trusted Sites, Sites, Add button

In my case, the address http://electronics.howstuffworks.com is pre-populated (already there) in the Add this website to the zone box. So I just had to click the Add button and the Close button in the lower right of the Trusted Sites dialog box.

image

Then OK:

image

image
Result
Same message

Internet Explorer has modified this page to help prevent cross-site scripting.


If you’re in a corporate, locked down environment, the only thing you can do at this point is modify the Internet Explorer settings. But many organizations do control or govern their systems, including Windows and its native web browsing application, Internet Explorer. The best thing I can offer to any end-user (information worker) having this message is to simply click on the x on the right of the message bar at the bottom of Internet Explorer.

Search

Bing

internet explorer 9 messages at bottom

Answer

Internet Explorer 9 Notification bar: frequently asked questions

Can I ignore notifications?

Yes. The bar might be displayed until you navigate to a new webpage or click the Close button. For notifications involving security or privacy, Internet Explorer automatically takes the most secure action, and allows you to take less secure actions if you’re confident they won’t put your computer or information in danger.

Solution

image

Click the x to ignore the message and close the notification bar. The bar should [I think] also simply close itself if you do nothing, within like 5-10 seconds.

Forum

Microsoft Answers

How do I prevent Internet Explorer from modifying pages for cross-site scripting? Under the security tab for IE8 there is a new Scripting Section for XSS Filter, Disable it and the issue goes away.

 

I don’t ever touch this setting unless there’s some business justification or an RFP (request for proposal) outlining why it’s feasible to disable that setting. However, if you’re not at work and just in the context of a home computer, not used for business, then I’d suggest do it only if you understand what it does.

For more on the [Cross Site Scripting] XSS Filter, read the following articles:

More Information


MSDN Library

Event 1046 – Cross-Site Scripting Filter

Administrators


Windows Help

Cross-site scripting filter

Information workers, home, and end-users

Apple WWDC 2013

The Apple World Wide Developer Conference is going on now. Products discussed, some new:

  • New mobile operating system
  • iOS 7
  • Mac OS upgrade
  • Mavericks
  • New MacBook Air laptops
  • Mac Pro workstation overhaul

Media Coverage

TechCrunch
Live From Apple’s WWDC 2013 Keynote
PC Magazine
Apple’s WWDC Reveals: What They’re Saying
CNET
Apple WWDC 2013 live blog
Wall Street Journal
Live Recap: Apple’s WWDC Keynote
 

Continue reading

Windows 8.1 will upgrade Internet Explorer to 11

India Times
At a Glance: Changes Coming with Windows 8.1 | PC & Laptop | www.indiatimes.com

Caught this in a Bing search for Windows 8.1:

“_ Internet Explorer 11, the next generation of Microsoft’s Web browser, will come with Windows 8.1.”

For more information, check out the following Microsoft blog post.

Blogging Windows
Continuing the Windows 8 vision with Windows 8.1

Touch device tips

File Explorer

The screenshot below [figure 1] is from a free metro app I installed a while back called Metro Commander.

image
Figure 1

Good app compared to the Desktop app. You need to download it from the web using the Store app [figure 2].

image
Figure 2

The app is a metro or Modern UI app so it runs in what I like to call native mode that some may call metro or modern. UI stands for user interface. The screenshots are from my desktop that I’m typing from this very moment. It should be more touch intuitive, if you will, than File Explorer that you would use to explore the file system in the legacy Desktop mode.

Start menu

Swipe [gesture] from the right to get the Charms menu then tap the Start button [figure 3]. Tapping on this button will get you to the Start menu or as I sometimes call it the Start screen.

image
Figure 3

Screenshot accelerator keystroke for non-touch [keyboard] workstation PCs

Start key + PrtScn | SysRq key on the keyboard.

Press and hold the Start key on the keyboard. Then, press the PrtScn key. That’s the key with SysRq under it. The screen should flash (ghost). Release both keys. You can then Ctrl+V (paste) into your target application (document).

image
Device Manager
image
Devices by connection
image
On-Screen Keyboard

You can still use Alt+PrtScn to snag the selected window or just plain hit PrtScn to get the entire screen copied to the clipboard.

You can get to the On-Screen Keyboard simply by going to the Start screen and typing On-S and it should populate, then hit the Enter key.

image
Start screen search results

You can right-click that and pin it to the Start menu or Task Bar if you’d like a shortcut either in Desktop or Modern [metro] mode.