What triggers "Internet Explorer has modified this page to help prevent cross-site scripting."?


You can configure the X-XSS-Protection header on your server. This will tell IE to disable XSS protection on your site.
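An added example (not code from the original post) of the server side of the workaround described in the question, sending the `X-XSS-Protection: 0` header from the answer only on the hidden-iframe POST response instead of site-wide. The `/tunnel` path, the `id` and `callback` parameters and all function names are assumptions.

```javascript
// Added example; endpoint path, parameters and names are assumptions.
const results = new Map(); // request id -> result saved by the iframe POST

// Response to the hidden-iframe form POST. The page cannot read this body
// (same-origin policy), so it stays empty and echoes nothing that was submitted.
function iframePostResponse(id, formBody) {
  results.set(id, { received: formBody.length });
  return {
    status: 200,
    headers: {
      'X-XSS-Protection': '0', // IE's XSS filter is off for this response only
      'Content-Type': 'text/plain; charset=utf-8',
      'Cache-Control': 'no-store',
    },
    body: '',
  };
}

// Response to the follow-up JSONP GET. The callback name must match a strict
// identifier pattern, so the script response never carries request-supplied markup.
function jsonpResultResponse(id, callback) {
  if (!/^[A-Za-z_$][\w$]{0,63}$/.test(callback) || !results.has(id)) {
    return { status: 400, headers: { 'Content-Type': 'text/plain; charset=utf-8' }, body: 'bad request' };
  }
  const payload = JSON.stringify(results.get(id));
  results.delete(id); // each stored result can be fetched once
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: `${callback}(${payload});`,
  };
}

// Adapter for Node's http.createServer(handler); production code would also cap the body size.
function handler(req, res) {
  const url = new URL(req.url, 'http://localhost');
  const id = url.searchParams.get('id') || '';
  let body = '';
  req.on('data', (chunk) => { body += chunk; });
  req.on('end', () => {
    const r = req.method === 'POST' && url.pathname === '/tunnel'
      ? iframePostResponse(id, body)
      : jsonpResultResponse(id, url.searchParams.get('callback') || '');
    res.writeHead(r.status, r.headers);
    res.end(r.body);
  });
}
```

Every other response on the site keeps the browser's default filter behaviour, because the header is attached to the one response that needs it.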

Author: kayahr

„People assume that a Closure is a function having access to the parent scope, even after the parent function has closed, but actually from a non-linear, non-subjective viewpoint - it's more like a big ball of wibbly wobbly... timey wimey... stuff.“ – The JavaScript Doctor

Updated on June 04, 2022

Comments

  • kayahr, almost 2 years

    I'm trying to implement a workaround for missing CORS functionality in Internet Explorer. For GET requests I use JSONP, no problem here. For small POST/DELETE/PUT requests I also use JSONP by tunneling the requests through GET, but this does not work for larger requests (because the length of the GET URL is limited). So for large data I try to implement a form POST via an iframe. I can't read the response from this POST because of the same-origin policy, so I fetch the response via a JSONP GET request after posting the data. Works great, but sometimes I get a strange warning in IE 9:

    Internet Explorer has modified this page to help prevent cross-site scripting.
    

    First I wondered what the hell IE is doing there because even when this warning appears everything still works correctly. Then I found out that IE replaces the content of the hidden iframe AFTER the POST answer (which I can't read and need anyway) with a "#" character.

    So my workaround still works even when this warning appears but I would like to know what exactly triggers this warning so maybe I can modify my CORS workaround to get rid of this warning. Any hints?