diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


IE8 XSS Filter design in-depth

Dross has written a post on XSS Filter to shed some light on design philosophy. To understand current filtering approach, it is useful to look back to the XSS Filter’s very beginnings.  Version 1.0 of the XSS Filter prototype, originally released within Microsoft back in 2002, provided users with the following (ugly!) prompt:

Clearly this is not something that everyday users would understand or find acceptable!  We needed to find a way to make the filtering automatic and painless and thus provide maximum benefit to users.

The approach we are taking today in Internet Explorer 8 doesn’t simply examine URL / POST data for evidence of XSS – it is capable of validating that an XSS attack has been replayed into the response.  Having identified the replayed XSS, we then have the capability to neuter the XSS on the page in a highly targeted fashion.  Thus, the XSS Filter can be effective without modifying an initial request to the server or blocking an entire response.

Full Article

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...