Can I disable the "...has modified this page to prevent cross site scripting" message?

    Question

  • I've searched around for an answer and have seen the question a few times, NOT answered:  When I load pages such as failblog.org, I get a box telling me that Internet Explorer has modified this page to prevent cross site scripting.  All this message does is let me know the site has code that could compromise my computer if used maliciously.  95% of users probably don't understand this.  Yet there is no action to be taken.

    Can the message be disabled without disabling the modification?  Do I need to be told this, every time I go to Failblog.org?

    Sunday, January 29, 2012 4:07 PM

Answers

  • Hi,

    1. Add *.cheezeburger.com to your Restricted Sites Zone. (recommended) or add *.failblog.org to your Restricted Sites Zone.

    or

    2. Turn off XSS filtering as described here http://www.sevenforums.com/tutorials/169672-internet-explorer-cross-site-scripting-xss-filter-turn-off.html

    NOT RECOMMENDED.... cause

    Cross-site scripting attacks are a leading online threat. Their aim is to exploit vulnerabilities in the websites you visit. How do they work? By compromising legitimate websites with malicious content that can capture keystrokes and record your login information and password. If your login information and password are captured, your personal data could be compromised.

    Turning off XSS in the Internet Zone will compromise your computer on other web sites you visit.

    If you are the web site developer, correct the following errors (from the IE Developer tool console):

    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-reg-webfont.eot?#iefix
    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-reg-webfont.woff
    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-reg-webfont.ttf
    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-sbold-webfont.eot?#iefix
    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-sbold-webfont.woff
    CSS3117: @font-face failed cross-origin request. Resource access is restricted. 
    proximanovacond-sbold-webfont.ttf
    No relay set (used as window.postMessage targetOrigin), cannot send cross-domain message 
    HTML1115: X-UA-Compatible META tag ('IE=9, IE=8, chrome=1') ignored because document mode is already finalized. 
    fastbutton?url=http%3A%2F%2Freferrer.dodo.com.au%2Fgoogleaw%2FMWBBAllPlansJan12V2CPC%2F&source=displayad&align=left&size=small&resize=true&count=true&db=1&textcolor=FFFFFF&ad=true&cr=10102778352&ag=2094895272&annotation=inline&width=712&hl=en-US&jsh=m%3B%2F_%2Fapps-static%2F_%2Fjs%2Fwidget%2F__features__%2Frt%3Dj%2Fver%3DOWqHKTdEImQ.en_GB.%2Fsv%3D1%2Fam%3D!mERVC2k_3r6Im8QV0w%2Fd%3D1%2F
    

    3. Do not visit the site until they have cleared up THEIR XSS issues.

     


    Rob^_^
    Sunday, January 29, 2012 8:05 PM

All replies

  • You failed to answer the question!  He asked how you DISABLE THE MESSAGE, NOT THE FEATURE. I have the same issue. It seems as if everyone who is asked this question ignores the principal concern and goes off on a tangent explaining the dangers of XSS scripts. We get it!! The issue is the interrupting notification that often appears when IE blocks such a script. Again, we do not wish to disable the feature, only the message that appears. Mamma Mia! What does it take to get this across???
    Wednesday, October 23, 2013 11:04 AM
  • This question is nearly two years old; any productive further discussion should probably be on a new thread.

    The message cannot be disabled without disabling the feature (either via the response header or the INETCPL checkbox). The modifications undertaken by the XSS Filter may break the page, and as a consequence it was deemed important that the user know that a modification was made.

    Wednesday, October 23, 2013 2:09 PM
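
The response header mentioned in the last reply is `X-XSS-Protection`. As an added example (not part of the thread and not Microsoft code), this Python sketch classifies what a site's header asks the XSS Filter to do, which is useful when auditing whether a site opts out of the filter. The function names and sample headers are constructed for illustration, and treating a malformed value as if the header were absent is an assumption.

```python
# Added example: classify how a response's X-XSS-Protection header
# steers the Internet Explorer XSS Filter. Function names are hypothetical.

def parse_xss_protection(value):
    """Return (enabled, mode) for one X-XSS-Protection header value.

    enabled is True/False, or None when the header is absent or unparsable
    (the browser then uses the zone setting from Internet Options).
    mode is "sanitize", "block", or None.
    """
    if value is None:
        return (None, None)
    parts = [p.strip().lower() for p in value.split(";")]
    flag = parts[0]
    if flag == "0":
        return (False, None)         # site turned the filter off
    if flag != "1":
        return (None, None)          # assumption: malformed == not sent
    mode = "sanitize"                # default: filter rewrites the page
    for directive in parts[1:]:
        name, _, arg = directive.partition("=")
        if name.strip() == "mode" and arg.strip() == "block":
            mode = "block"           # page is not rendered at all
    return (True, mode)


def describe(headers):
    """Summarise filter behaviour from a dict of response headers."""
    lookup = {k.lower(): v for k, v in headers.items()}
    enabled, mode = parse_xss_protection(lookup.get("x-xss-protection"))
    if enabled is None:
        return "zone default"
    if not enabled:
        return "filter off for this response"
    return "filter on, " + mode


# Constructed sample responses (not captured from any real site).
SAMPLES = [
    {"Content-Type": "text/html"},
    {"X-XSS-Protection": "0"},
    {"x-xss-protection": "1"},
    {"X-XSS-Protection": "1; mode=block"},
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", describe(h))
```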