A new feature enables you to block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request in Internet Explorer 8

Article translations Article translations
Article ID: 2510633 - View products that this article applies to.
Expand all | Collapse all

Introduction

Internet Explorer 8 can now block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request if the request is redirected to a different host. An update is now available to enable this new feature. The update adds a navBlockRedirectsXDomain flag that enables callers to opt into this security mitigation. Additionally, the update adds a DWebBrowserEvents2::RedirectXDomainBlocked event to detect any navigation request that is blocked.

This feature enables you to prevent cross-domain headers being sent together with redirected navigation requests. The feature detects blocked navigation requests through the DWebBrowserEvents2::RedirectXDomainBlocked event, and then calls the IWebBrowser2::Navigate2 navigation request again by using the redirected URL that is obtained from the event. However, when the navigation request is called again, the navigation call does not include cross-domain headers.

Note When the navigation request is directed to a URL that has the target property set to “_blank,” cross-domain headers may be sent together with redirected navigation requests.

MORE INFORMATION

Security update information

To resolve this problem, install the most recent cumulative security update for Windows Internet Explorer. To do this, visit the following Microsoft website: 
http://update.microsoft.com
For more technical information about the most recent cumulative security update for Windows Internet Explorer, visit the following Microsoft website: 
http://www.microsoft.com/technet/security/current.aspx
Note This update was first included in security update 2497640 (MS11-018). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2497640 MS11-018: Cumulative Security Update for Internet Explorer
For more information about the IWebBrowser2 interface, visit the following Microsoft Developer Network (MSDN) website:
General information about the IWebBrowser2 interface
For more information about BrowserNavConstants enumeration, visit the following Microsoft Developer Network (MSDN) website:
General information about BrowserNavConstants enumeration
For more information about the target DHTML property, visit the following Microsoft Developer Network (MSDN) website:
General information about the target DHTML property

Properties

Article ID: 2510633 - Last Review: April 12, 2011 - Revision: 1.0
APPLIES TO
  • Windows Internet Explorer 8
Keywords: 
kbexpertiseinter kbsurveynew kbprb KB2510633

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com