Simon Willison’s Weblog

Items tagged xss, security, http


IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0). # 3rd July 2008, 9:37 am

Don’t serve JSON as text/html. Another sneaky XSS trick. # 5th July 2006, 11:46 pm
