The Mudcat Café TM
Thread #136793   Message #3136090
Posted By: JohnInKansas
15-Apr-11 - 09:22 PM
Thread Name: Tech: Internet Explorer and Mudcat issue
Subject: RE: Tech: Internet Explorer and Mudcat issue
Joe: I don't get the cross-site scripting error message from IE9 any more, so it appears that issue is resolved.

The message has been quelled, but it appears that anything that the XSS filter thinks is suspicious is still being neutered, as evidenced by not being able to save or print anything that includes a script.

All attempts I've made to print a web page (several just to test the theory) result in a failure with an error message saying that a "script object cannot be found." There are a few different messages showing up, but all implicating "script objects/targets" being not retrievable to print.

IE options for saving a web page (File|Save As or Page|Save As) include "html complete," "web archive .mht," "text only," and "html only."

Either "html complete" or "archive mht" will generally appear to save, and files may appear on your machine, but the files either don't open at all or just show a "first screen" with lockup of the browser. Both of these forms would contain any scripts on the page in executable form and the scripts are broken - apparently by the filter - causing the entire Save to fail.

Saves as "html only" are similar to View Code and copying the code, and still work, but don't display (or apparently don't attempt to display) any objects "embedded" via scripts.

Saves as text only are okay, but usually are incredibly messy to try to read, or to edit into something intelligible.

Note that the XSS filter that seems to cause most of the trouble is not specifically related to HTML versions, features in HTML, or browser versions. It is apparently because cross-scripting malware has been appearing with significant frequency, and has thus far been difficult for AV suites to detect and protect against.

The "officially sanctioned" gossip about cross-scripting malware has been that thus far it's been more annoying than dangerous, but there are suggestions that it has the potential to be quite destructive. Whether the aggressive filtering appearing recently is a pre-emptive action based on a real threat or just an example of "fishing with dynamite too close to the boat" is unknown.

If the cross-scripting threat is real, it seems likely that problems similar to recent IE misbehavior will appear in other browsers, but IE is the only browser that gets updates. All the popular others incorporate bug fixes - including new malware defenses - only as new version releases. (Version updates in the other browsers have come at about 60 day intervals recently, and those who resist updating to the latest version of their favorite probably risk continuing vulnerability to the latest malware forms; but Microsoft complains about the "more than half" of IE users who don't even download the patches so there's really not much difference.)

John