06-30-2015, 02:47 AM
AdultKing
Raise Your Weapon
 
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,601
This isn't a new feature in IE; it's existed for years.

XSS flaws can exist on the server side (such as websites or web applications) or on the DOM (client) side.

XSS problems have plagued IE over the years; there was a time when new vulnerabilities in the browser were found every couple of weeks.

An XSS vulnerability on a web site can affect SEO if the vulnerability is exploited and you end up with, for example, Pharma spam all over the site which you may not immediately be aware of because the core website looks the same but thousands of pages are indexed into Google.

An XSS vulnerability on the client side shouldn't affect you unless the exploit targets a site run by you for some reason. One example was a problem on a news website whereby an XSS flaw in IE could be used to modify the equally vulnerable news site.

The security of the web is largely based on a same origin policy, in other words the permissions provided by site A are independent of those provided by site B and the two shouldn't be allowed to interact - but XSS vulnerabilities defeat that assumption.

There's a good but lengthy explanation here: https://en.wikipedia.org/wiki/Cross-site_scripting

Scroll down and read the Bob / Alice / Mallory examples for some idea of how XSS can affect sites and clients.
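The server-side case and the same-origin point from the post above, as an added example that is not part of the original post: a page template that reflects input verbatim next to the same template with output encoding. The site names, the `render*` functions and the sample inputs are constructed for illustration.

```javascript
// Added illustration; all names, URLs and inputs are constructed.

// Two URLs share an origin only when scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Encode the characters that let text break out of element content
// or a quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": the search term is reflected into the page verbatim.
function renderUnsafe(term) {
  return `<p>Results for ${term}</p>`;
}

// "After": the same template with output encoding applied.
function renderSafe(term) {
  return `<p>Results for ${escapeHtml(term)}</p>`;
}

// Element names a browser would parse out of the response.
function tagsIn(html) {
  return [...html.matchAll(/<([a-z][a-z0-9]*)\b/gi)].map((m) => m[1].toLowerCase());
}

// Constructed inputs: a script element and a spam link.
const samples = [
  '<script>document.title = "changed"</script>',
  '<a href="https://spam.example/">cheap pills</a>',
];

for (const term of samples) {
  console.log('unsafe:', tagsIn(renderUnsafe(term)).join(','));
  console.log('safe:  ', tagsIn(renderSafe(term)).join(','));
}

// The response carrying the injected markup comes from the site's own URL,
// so the browser treats it as same-origin with every other page on that site.
console.log(sameOrigin('https://news.example/search?q=x', 'https://news.example/account'));
console.log(sameOrigin('https://news.example/', 'https://other.example/'));
```

With encoding in place the only element left in the response is the template's own `<p>`; the same-origin check itself never changes, which is why the fix has to happen where the page is built.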