PHP Programming

Disabling Internet Explorer Cross Site Scripting Filter (XSS)

A client of mine recently tasked me with figuring out why the newer versions of IE were throwing a Cross Site Scripting (XSS) error.  For the life of me,  couldn’t figure out why.  Maybe it was because they were submitting a form to another server?  Or perhaps because the Javascript was closing the window when it was done?  I don’t know.  But, I did find a nice little trick that allows you to disable the Cross Site Scripting(XSS) filter in IE.

All that you need to do is add “X-XSS-Protection: 0” to the response header.  For instance, to disable the Cross Site Scripting(XSS) filter all you do is:

header(“X-XSS-Protection: 0”);

That’s it.  Usually that will resolve any XSS errors you have.  It may not be the best solution from a security stand point, but it’ll work in a pinch,

Other Programming

Ajax Utility Function

Edit:  This post was made before I started using JQuery or Mootools.  This can safely (luckily) be ignored now.

For the past couple months I’ve been playing around with Ajax style events on a few pages I’ve been working on.  One of the main problems I’ve run into is cross-browser compatibility (surprise!).  To solve that problem, I took the advice of a book that I’m reading and made a utility file for some of the most annoying cross-browser issues:  Event Handlers, Activated Objects, and Request Objects.  You can download the utility file by clicking the link below.

Download utils.js here.

Enjoy!  If you have any questions, please leave them in the comments and I’d be happy to get back with you.