"IE has modified this page to prevent cross site scripting" - GoFuckYourself.com

Colmike9 · 06-29-2015, 01:16 PM

Just saw this for the first time in IE on the bottom bar, turns out it's an option that's on by default in settings:
"IE has modified this page to prevent cross site scripting"

...Since when has XSS been that bad that a browser has to modify the page and how exactly does it modify the page?
Also, how might it affect SEO? And would it be worth getting around with XSS evasion methods or by using iFrames or is it best to just put everything on the same server?..

AdultKing · 06-30-2015, 02:47 AM

This isn't a new feature in IE, it's existed for years.

XXS flaws can exist on the server side (such as websites or web applications) or on the DOM (Client) side.

XSS problems have plagued IE over the years, there was a time new vulnerabilities in the browser were found every couple of weeks.

An XSS vulnerability on a web site can affect SEO if the vulnerability is exploited and you end up with, for example, Pharma spam all over the site which you may not immediately be aware of because the core website looks the same but thousands of pages are indexed into Google.

An XSS vulnerability on the client side shouldn't affect you unless the exploit targets a site run by you for some reason. One example was a problem on a news website whereby an XSS flaw in IE could be used to modify the equally vulnerable news site.

The security of the web is largely based on a same origin policy, in other words the permissions provided by site A are independent of those provided by site B and the two shouldn't be allowed to interact - but XSS vulnerabilities defeat that assumption.

There's a good but lengthy explanation here https://en.wikipedia.org/wiki/Cross-site_scripting

Scroll down and read the Bob / Alice / Mallory examples for some idea of how XSS can affect sites and clients.

06-29-2015, 01:16 PM	#1
Colmike9 (>^_^)b Industry Role: Join Date: Dec 2011 Posts: 7,223	"IE has modified this page to prevent cross site scripting" Just saw this for the first time in IE on the bottom bar, turns out it's an option that's on by default in settings: "IE has modified this page to prevent cross site scripting" ...Since when has XSS been that bad that a browser has to modify the page and how exactly does it modify the page? Also, how might it affect SEO? And would it be worth getting around with XSS evasion methods or by using iFrames or is it best to just put everything on the same server?.. __________________ Join the BEST cam affiliate program on the internet! I've referred over $1.7mil in spending this past year, you should join in. I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..

06-30-2015, 02:47 AM	#2
AdultKing Raise Your Weapon Industry Role: Join Date: Jun 2003 Location: Outback Australia Posts: 15,601	This isn't a new feature in IE, it's existed for years. XXS flaws can exist on the server side (such as websites or web applications) or on the DOM (Client) side. XSS problems have plagued IE over the years, there was a time new vulnerabilities in the browser were found every couple of weeks. An XSS vulnerability on a web site can affect SEO if the vulnerability is exploited and you end up with, for example, Pharma spam all over the site which you may not immediately be aware of because the core website looks the same but thousands of pages are indexed into Google. An XSS vulnerability on the client side shouldn't affect you unless the exploit targets a site run by you for some reason. One example was a problem on a news website whereby an XSS flaw in IE could be used to modify the equally vulnerable news site. The security of the web is largely based on a same origin policy, in other words the permissions provided by site A are independent of those provided by site B and the two shouldn't be allowed to interact - but XSS vulnerabilities defeat that assumption. There's a good but lengthy explanation here https://en.wikipedia.org/wiki/Cross-site_scripting Scroll down and read the Bob / Alice / Mallory examples for some idea of how XSS can affect sites and clients.