The XSS Filter in Internet Explorer 8 improperly blocks HTTP response rendered as XML

Article ID: 2524198 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

When you submit an HTTP request using Internet Explorer (IE) 8 to a target page hosted in a web application, the IE XSS Filter may block the response. This occurs even if the request and response are from the same domain. It also occurs even if you attempt to disable the XSS Filter feature by setting the following HTTP response header on the server: 
X-XSS-Protection: 0

CAUSE

Microsoft has confirmed that this is a problem in the products listed in the Applies-To section of this article..


RESOLUTION

To workaround the issue, submit the HTTP request to a page that then performs an HTTP 307 redirect to the target page. 

This problem is resolved in Internet Explorer 9. 


Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2524198 - Last Review: March 17, 2011 - Revision: 2.0
APPLIES TO
  • Windows Internet Explorer 8
Keywords: 
KB2524198

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com