
RE: Memo To Google: Stop Screwing with IE Security!

by Acidus at 1:08 am EDT, Oct 8, 2009

Simon C. Ion wrote:

There is simply no reason anyone should ever use the header X-XSS-Protection. Period. Let alone Google.

Remind me again why J. Random Server Admin (or John Q. Man-in-the-Middle) can remotely disable XSS filtering? What's wrong with the way that NoScript handles this?

If John Q. Man-in-the-Middle is playing with you, having your XSS filter is the *least* of your worries ;-)

Keep in mind this is an IE-only feature, so NoScript will keep on working no problem.

Now that you mention it, I'd be interested in seeing a side-by-side comparison of IE8 XSS filtering and NoScript's. I've seen some great IE8 XSS evasion work done by some of the folks on sla.ckers but never a comparison...
