The Channel logo
Posted in Microsoft promises IE web-standards love
Posted Monday 23rd March 2009 11:19 GMT
Joe Montana
Flame

Cross site scripting protection?

Earlier versions of IE are much worse than other browsers when it comes to cross site scripting... I haven't tried using 8...

Just some examples, look at the page: http://ha.ckers.org/xss.html which details various encoding methods to bypass XSS filters, many of which work only with IE...

Also if the server returns a content-type of text/plain but the content of the text file looks like html, other browsers will honour the server's content-type and display it as plain text, IE will try to render it as html.

Forums

Forgotten password

Opinion

David McLeman

How I went from Unix engineering to flogging Google apps
My 25 years of comical IT buzzwords
euros_channel_money

Tim Worstall

Why on Earth is Microsoft moving to Euro pricing now?
Time to take a sniff at the coffee, perhaps
joe_tucci_emc_channel

Chris Mellor

EMC's hunt for Joe Tucci replacement continues
Will they have to drag him back like last time?
chain_relationship_channel

Peter O'Neill

Some vendors know how to treat a channel
Are you getting what you want?

Features

cloud_accounting
Reg readers love Private Cloud (true)
Playing the SLA long game
channel_teaser_money_top
IT distributors: The only people adding value to the world economy
More than just middlemen...
cloud computing Fight
The Great El Reg Private Cloud survey: Results are in!
Applications must work for the cloud to float
Paul Cormier, Red Hat
Red Hat hits 10-year, $1bn Enterprise Linux birthday
How a Unix killer crawled from the dot-com bust