Major IE8 flaw makes ‘safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea.
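
One way to apply the mitigation mentioned above, as an added example that is not from the original post: a Python WSGI middleware that forces `X-XSS-Protection: 0` on every response, replacing any value the application set itself. The names `DisableXSSFilter`, `demo_app` and `response_headers` are hypothetical and exist only for this illustration.

```python
from wsgiref.util import setup_testing_defaults

HEADER = "X-XSS-Protection"


class DisableXSSFilter:
    """Wrap a WSGI app so each response carries exactly one X-XSS-Protection: 0."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            # Header names are case-insensitive: drop any copy the app set so
            # the browser never receives two conflicting values.
            kept = [(k, v) for k, v in headers if k.lower() != HEADER.lower()]
            kept.append((HEADER, "0"))
            return start_response(status, kept, exc_info)

        return self.app(environ, patched_start)


def demo_app(environ, start_response):
    # Constructed sample app that leaves the filter switched on.
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("x-xss-protection", "1")])
    return [b"<p>ok</p>"]


def response_headers(app, query=""):
    """Call a WSGI app once, in-process, and return (status, headers)."""
    environ = {"QUERY_STRING": query}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)
        return lambda data: None

    list(app(environ, start_response))  # drain the body iterable
    return captured["status"], captured["headers"]


if __name__ == "__main__":
    print(response_headers(DisableXSSFilter(demo_app), "q=test"))
```

Wrapping the outermost WSGI callable covers every route, including error pages the application generates.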
