IE8 XSS filter question
The IE8 cross-site scripting filter appears to be causing some intermittent issues with our application. To be honest, I haven't isolated it yet, and it could very well be something like an IE8 add-on or some security software of some kind, but there seems to be something to do with the new xss filter in IE8.
I have done some preliminary research and the problem I have is I cannot find reliable and detailed documentation on what exactly makes the IE8 xss filter work.
In our case, the html page generated by our application could live anywhere (usually on the user's website, but could also be a local document, or could be emailed to someone as an attachment) but returns the form post is back to another site (our site), so the form action attribute is a full url, not a relative one. Note that there is no ajax here - just standard HTML data posting.
What seems to be happening (although we can't reproduce it yet) is that IE8 strips out the action = url from the page, thereby causing the SUBMIT button click to do nothing (no error, just nothing happens - great).
As far as I can tell, the xss filter shouldn't be doing this, but again, kind of sketchy. I suspect that maybe some other add-on or security software might be causing this, but so far we have not been able to isolate it.
Are there experts out there who are familiar with a problem like this that might shed some light or point me in the right direction?
Thank.
source to share
If it is an XSS filter, IE should display an informational message about what is happening. Given your description of where the HTML file is located, I think the problem is that this is a POST in different security zones, which makes IE different, especially when the HTML page is emailed to someone.
source to share