I’m working on a legacy app which still needs to support IE11. There’s one screen (a search window in a pop-up) which intermittently triggers the XSS filter, depending on values in the URL β€” despite everything being encoded properly. When this happens the entire screen is prevented from drawing. It’s driving me mad, and to top it off, once it triggers it starts triggering on values which didn’t previously cause the XSS filter to fire.

Edit to add: turning off the XSS filter by setting the header is not allowed.

One thought on “

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.