IE8 XSS filter: what does it really do?

Question

Internet Explorer 8 has a new security feature, an XSS filter that tries to intercept cross-site scripting attempts. It\'s described this way:

The

Answer 1

Actually, it's worse than might seem. The XSS filter can make safe sites unsafe. Read here: http://www.h-online.com/security/news/item/Security-feature-of-Internet-Explorer-8-unsafe-868837.html

From that article:

However, Google disables IE's XSS filter by sending the X-XSS-Protection: 0 header, which makes it immune.

I don't know enough about your site to judge if this may be a solution, but you can probably try. More in depth, technical discussion of the filter, and how to disable it is here: http://michael-coates.blogspot.com/2009/11/ie8-xss-filter-bug.html