Skip to main content

XSS Filter

Defending Websites from XSS attacks with ModSecurity 2.7.3 and OWASP Core Rule Set 2.2.7

Sunday, April 28, 2013

Even though cross-site scripting vulnerabilities have a 15-year history, they remain a big problem in the web security space. According to our research, there are hundreds of new issues discovered each month, and at least a few of them are being used in high-severity attacks. The general problem of cross-site scripting has no easy solution.

Sharepoint XSS issue

Thursday, April 29, 2010

Today we released Security Advisory 983438 informing customers of a cross-site scripting (XSS) vulnerability in SharePoint Server 2007 and SharePoint Services 3.0. Here we would like to give further technical information about this vulnerability. What is the attack vector? The advisory states that the vulnerability could allow Elevation of Privilege (EoP) within the SharePoint site itself.

XSS Filter Improvements in IE8 RC1

Friday, January 30, 2009

On MondayIE8 RC1 was released. Here are some of the most interesting improvements and bug fixes to the XSS Filter feature: Some byte sequences enabled the filter to be bypassed, depending on system locale URLs containing certain byte sequences bypassed the Beta 2 filter implementation in some locales. For example, with a Chinese locale system, URLs of the following format would bypass the filter:

IE 8 XSS Filter Architecture / Implementation

Tuesday, August 19, 2008

Recently we announced the Internet Explorer 8 XSS Filter and talked a bit about its design philosophy. This post will describe the filter’s architecture and implementation in more detail. Design Goals The Internet Explorer 8 XSS Filter is intended to mitigate reflected / “Type-1” XSS vulnerabilities in a way that does not “break the web.

The IE8 XSS Filter

Wednesday, July 02, 2008

Hello, our team and IE have recently collaborated on a new IE8 feature that was announced today – the XSS Filter. Check it out here: This effort demonstrates our commitment to helping our product teams benefit from the knowledge we have gained while defending our products from attack. Stay tuned to our blog for more stories like this in weeks to come…