Lyrics & Knowledge Personal Pages Record Shop Auction Links Radio & Media Kids Membership Help
The Mudcat Cafemuddy

Post to this Thread - Sort Descending - Printer Friendly - Home


Tech: Internet Explorer and Mudcat issue

Arthur_itus 31 Mar 11 - 02:48 PM
Bonzo3legs 31 Mar 11 - 04:30 PM
Arthur_itus 31 Mar 11 - 04:41 PM
Bert 31 Mar 11 - 04:45 PM
MartinRyan 31 Mar 11 - 04:48 PM
Arthur_itus 31 Mar 11 - 04:48 PM
Arthur_itus 31 Mar 11 - 04:53 PM
Greg F. 31 Mar 11 - 05:06 PM
Arthur_itus 31 Mar 11 - 05:07 PM
Bonzo3legs 31 Mar 11 - 05:07 PM
Tangledwood 31 Mar 11 - 05:07 PM
Max 31 Mar 11 - 05:11 PM
McGrath of Harlow 31 Mar 11 - 05:12 PM
Arthur_itus 31 Mar 11 - 05:13 PM
Arthur_itus 31 Mar 11 - 05:14 PM
Max 31 Mar 11 - 05:15 PM
Arthur_itus 31 Mar 11 - 05:20 PM
Snuffy 31 Mar 11 - 05:35 PM
The Fooles Troupe 31 Mar 11 - 07:26 PM
Donuel 31 Mar 11 - 07:30 PM
JohnInKansas 01 Apr 11 - 01:46 AM
Acme 01 Apr 11 - 10:42 AM
Bill D 01 Apr 11 - 12:46 PM
Max 01 Apr 11 - 01:56 PM
ClaireBear 01 Apr 11 - 02:06 PM
Arthur_itus 01 Apr 11 - 02:28 PM
Arthur_itus 01 Apr 11 - 02:56 PM
Simon G 01 Apr 11 - 03:48 PM
Arthur_itus 01 Apr 11 - 03:52 PM
BrooklynJay 01 Apr 11 - 03:56 PM
Arthur_itus 01 Apr 11 - 03:57 PM
Max 01 Apr 11 - 04:56 PM
Arthur_itus 01 Apr 11 - 05:02 PM
Q (Frank Staplin) 02 Apr 11 - 01:10 PM
michaelr 02 Apr 11 - 02:17 PM
TopcatBanjo 02 Apr 11 - 05:45 PM
Joe Offer 02 Apr 11 - 05:57 PM
GUEST 02 Apr 11 - 09:30 PM
The Fooles Troupe 03 Apr 11 - 04:19 AM
Bernard 03 Apr 11 - 06:12 AM
The Fooles Troupe 03 Apr 11 - 08:49 AM
JohnInKansas 03 Apr 11 - 08:12 PM
My guru always said 04 Apr 11 - 02:22 AM
The Fooles Troupe 04 Apr 11 - 03:09 AM
Bert 04 Apr 11 - 04:15 PM
Arthur_itus 04 Apr 11 - 04:36 PM
GUEST 06 Apr 11 - 12:27 AM
JohnInKansas 14 Apr 11 - 06:49 AM
The Fooles Troupe 14 Apr 11 - 08:33 AM
The Fooles Troupe 14 Apr 11 - 08:51 AM
Arthur_itus 14 Apr 11 - 12:45 PM
JohnInKansas 14 Apr 11 - 02:12 PM
The Fooles Troupe 14 Apr 11 - 07:21 PM
JohnInKansas 14 Apr 11 - 09:43 PM
GUEST,.gargoyle 14 Apr 11 - 10:32 PM
The Fooles Troupe 15 Apr 11 - 10:31 AM
JohnInKansas 15 Apr 11 - 04:07 PM
Joe Offer 15 Apr 11 - 04:18 PM
Bill D 15 Apr 11 - 05:51 PM
The Fooles Troupe 15 Apr 11 - 07:02 PM
JohnInKansas 15 Apr 11 - 09:22 PM
JohnInKansas 23 Apr 11 - 04:08 PM
The Fooles Troupe 23 Apr 11 - 08:26 PM
Joe Offer 13 May 11 - 04:29 AM
MartinRyan 13 May 11 - 04:30 AM
JohnInKansas 14 May 11 - 04:42 AM
Share Thread
more
Lyrics & Knowledge Search [Advanced]
DT  Forum
Sort (Forum) by:relevance date
DT Lyrics:









Subject: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 02:48 PM

This hasn't happened before and I suspect that it has something to do with the latest updates to Internet Explorer.

When I click on a thread, I get a message bar above the thread that warns me about protecting Cross Site scripting.

What is going on here, as there does not seem anyway to tell it to accept Mudcat.

What and why is this happening?

Listed below is what Microsoft say.

How does Internet Explorer help protect me from cross-site scripting attacks?

Internet Explorer's Cross-Site Scripting (XSS) Filter can help prevent one website from adding script code to another website. XSS Filter watches how websites interact, and when it recognizes a potential attack, it will automatically block script code from running. When this happens, you will see a message in the Information bar letting you know that the webpage was modified to help protect your privacy and security.

If the modified webpage does not work properly, try going to the home page of the website and navigating to the webpage directly. If the page still does not work correctly, contact the website's administrator.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bonzo3legs
Date: 31 Mar 11 - 04:30 PM

It's a pain in the neck!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 04:41 PM

It keeps on coming up with Internet Explorer has modified this page to help prevent cross site scripting.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bert
Date: 31 Mar 11 - 04:45 PM

Why on earth would you be using Internet Explorer?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: MartinRyan
Date: 31 Mar 11 - 04:48 PM

I've been seeing the same message today - never before.

Regards


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 04:48 PM

Becuase I like it and I don't have the hang ups that some peopel do.

I don't have issues with Microsoft.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 04:53 PM

Thanks Martin. Obviously it's not just me.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Greg F.
Date: 31 Mar 11 - 05:06 PM

Firefox.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 05:07 PM

No Thanks


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bonzo3legs
Date: 31 Mar 11 - 05:07 PM

"Becuase I like it and I don't have the hang ups that some peopel do.

I don't have issues with Microsoft."

Agreed


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Tangledwood
Date: 31 Mar 11 - 05:07 PM

Same here, it started yesterday.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Max
Date: 31 Mar 11 - 05:11 PM

Yep, IE 9 says we're up to no good. We use some software in the background of mudcat to watch the activity and alert us to trends and errors. It's called chartbeat. IE9 doesn't like it, but I know its safe. If it ain't killing you, just ignore it, we should have it sorted out soon.

Not sure what is so terrible about the error. I've been testing and such myself, and if you X it out once, it stops alerting you. Or add *.chartbeat.com to your safe site list.

If that doesn't lower your blood pressure, maybe you need more hobbies.

And if you don't have hangups with Microsoft, I guess you do now, huh?

Mudcat is unchanged in that area, so before blaming me, think about a multi-billion dollar corporation who passes out shit and calls it diamonds in an upgrade that coincidentally coincides with the errors you're seeing now.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: McGrath of Harlow
Date: 31 Mar 11 - 05:12 PM

No hangups with Internet Explorer, but you don't like the way what its doing...

I've no particular hangups with Internet Explorer either - but I prefer to use Firefox, because it seems to do the job a lot better.   I can't see any reason to use a browser that isn't as good.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 05:13 PM

Thanks Max :-)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 05:14 PM

I used to use Firefox and didn't like it. :-)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Max
Date: 31 Mar 11 - 05:15 PM

try chrome.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 31 Mar 11 - 05:20 PM

Tried that as well Max, but in all honesty I still prefer IE.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Snuffy
Date: 31 Mar 11 - 05:35 PM

I'm on XP with IE8 (for which the last security update was apparently Feb 9th), and I'm getting the same message as IE9 users.

X-ing it out doesn't stop the message.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 31 Mar 11 - 07:26 PM

I first discovered the excitement of XSS stuff with Firefox and one of the infinite number of plugins.... :-) fortunately, I can disable the XSS checking for specific sites such as Mudcat now...

As to Chrome and other browsers...

Still using FF V3 - on Facebook a certain game Castle Age just stopped working reliably in FF (Ubuntu system) - some pages won't even open, some links won't work. etc. Not even in the version of IE on Win 7 on the laptop, same nonsense. But it only works fine in Chrome on both systems.

One might think that there would be a way to tell IE to stop farting around with the XSS stuff for certain sites, but I think you might need a cut lunch and a compass to go exploring, if MS deemed that their users were intelligent enough to want to ...


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Donuel
Date: 31 Mar 11 - 07:30 PM

I never got this message before until I just now opened this thread.
Now its bonging on every thread viewed.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 01 Apr 11 - 01:46 AM

I have no problem with IE7 at mudcat, but I do use Norton Internet Security which may override the Microsoft XSS filter.

I do get the message at the crossbeat site that says I can't look at it unless I add a Chrome add-in. I don't generally do add-ins until I have some idea of what they do, and so far Chrome only talks in ad-speak so I'll wait a while. Since XSS seems to be mainly used for advertising, I can pass on it until it does something useful (to me).

It is perhaps possible that those who are seeing the constant XSS warning see it because they've added the plugins that another site needs(?).

As Max indicated, adding the site to your IE "safe list" may kill the warning banner. That may also explain why I don't see it here, since I've had mudcat as "trusted" for about ten years.

Should the crossbeat site become of interest, I think I can work the problem, but I've been around here long enough to tell when the trolls are out (usually just from which threads are up at the top) and crossbeat probably won't tell me if the good people are coherent on any given day (it varies), so it's not really too interesting to me, and not a problem for me - at least now.

Another thread started on the subject laments the "proliferation of ads."

Some may have missed the comment by Max elsewhere about the possibility of giving GUESTS only the trash ads, and members only music related ones. I think that's a fine idea, but since the advertiser pays for each click that helps the 'cat I do get a certain satisfaction from occasionally clicking the trash - and making them pay - instead of making too frequent raids on the pockets of our friends. There's probably a trade-off point that I'll leave it to Max to find.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Acme
Date: 01 Apr 11 - 10:42 AM

I don't get a television magazine here so I use the Zap2it.com listings (and I can customize them to broadcast in my area, pushing my favorites to the top.) The awful thing about that site are the ads that slip in behind the page and spring out at you. Chrome may have a pop up blocker, Firefox may have a popup blocker, but they aren't equal to those nasty ads that will pile up.

IE doesn't let them appear, so until the other browsers manage to bite the hand that feeds them (the advertisers I'm sure have some say in browser development - it makes perfect sense that they want their say in the ad delivery system) I am using them less and less. And testing others to see how they work.

SRS


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bill D
Date: 01 Apr 11 - 12:46 PM

I have used both Opera & Firefox, and with both I can turn ads off or on. Firefox is 'easier' with the adblock filter... and one can 'whitelist' sites you don't mind. I have just done that with ChartBeat.

With Miro$soft and others trying every trick in the book to control what you see and feed you ads, and monitor your browsing, I feel NO compunction about using every trick *I* know to shut them out.

My favorite is the web filter, Promoxitron, which I have mentioned before.

Yes, it takes a little bit of work and time to get a modicum of control over things, but...OH, the relief!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Max
Date: 01 Apr 11 - 01:56 PM

Arthur_itus, since you've brought this up repeatedly. This rant is inspired by you.

While I don't share the thoughts and feelings of Bill D on this matter, for I really believe that the custom ads are better for everyone involved, specifically:

With Miro$soft and others trying every trick in the book to control what you see and feed you ads, and monitor your browsing, I feel NO compunction about using every trick *I* know to shut them out.


I do respect his ability to find a way to not complain to management about his displeasure with the free service that he takes advantage of. The marketplace is full of options, and there are plenty of other traditional music communities out there and you have the right to choose whether you'd prefer to be there than here where there is an annoying but temporary security warning that I, the human being site owner, assured you was safe, gave you multiple workarounds and options, and more importantly that we're hard at work on a solution. There are thousands and thousands of sites that this just happened to, and while you think this is just mudcat up to no good or using junk software or junk ads, that is just plane wrong. Google and Chartbeat and Amazon are the people we do business with every moment to make this site click and hum and to help pay our bills. All large and safe and accountable companies. The one throwing the error at you is the one big name missing from our sites' infrastructure. Left out of the party, so the browser throws an error.

I don't care for how you are expressing yourself, sounds like you are making noise in the hopes that I will give attention to the squeaky wheel. I take exception that you refuse every option of help and solution, and just continue to complain in another thread of the same thing here you are discussing here even though I am clearly engaged with you already and have acknowledged your concern. Well, here I suppose, the squeaky wheel gets called out for being rude to his host that charges nothing for a place in which to squeak. All I've ever asked is for you to behave yourselves in a manor in which I am accustomed to having guests in my home such as Bill D, and JohnInKansas who help create a better place with their observations and suggestions, not just squeak and demand a different kind of oil that we are providing for free. And I am sorry in advance for any credits I need to give you for your contributions to mudcat, intellectually as well as financially. I am happy to have you, I am really, you just picked a wrong battle on the wrong day with me. I am under the weather, tired of this whole... and quite cranky.

This problem is more about politics than technology or choice, this is a tactic to get me, the site owner, to yield to the 75% of our Web site visitors who use IEv8 and 2% that use IEv9. That is a formidable challenge to have an error that questions the safety and very integrity of a site, That's an error that only their browser is complaining about, because I use Google to monetize our sites, they flip a switch and write up a treaties on cross site scripting and how it can be abused and wallah, they got me to change what I do, the very core of our site stability and monetization of this entire enterprise. This isn't fighting fair and I will not yield to these tactics or alter my current course because of a single squeaky wheel. The problem will be solved, when I can get to it or the industry sorts it out.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: ClaireBear
Date: 01 Apr 11 - 02:06 PM

To Max: [Like!]


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 01 Apr 11 - 02:28 PM

From Max
"Arthur_itus, since you've brought this up repeatedly. This rant is inspired by you.

"

What are you on about? This thread is the first time I have started a thread on the subject of Internet Explorer's Cross-Site Scripting (XSS) Filter.

The only reason I created the thread was becuase I din't know what had happened. Please read my first post again.

I have not been offensive or abusive to you about this issue. I just wanted to know what had happened and how to correct it. Soembody suggested by PM that I email you about it after starting this thread, which is what I did and I was polite about it.

So please Max, don't have a go at me.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 01 Apr 11 - 02:56 PM

""This problem is more about politics than technology or choice, this is a tactic to get me, the site owner, to yield to the 75% of our Web site visitors who use IEv8 and 2% that use IEv9."

Absolutely not and I object to your insinuations.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Simon G
Date: 01 Apr 11 - 03:48 PM

Two solutions for you on IE9

Disable XSS checks for all

or

add mudcat.org to your list of trusted sites on the security tab and disable XSS checks for trusted sites only.

Personally disabling XSS checks for all seems to make sense as IE9 is so security flawed anyway that whether it checks for XSS problems or not makes not a cents worth of difference.

Max - I fully understand you sentiments but I'm not sure Arthur-itus deserved the tirade. Well said to all of us as guests on your site though.

Simon


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 01 Apr 11 - 03:52 PM

Hi Simon

I do have mudcat as my trusted site. I am not going to disable XSS as now I know what is happening, It doesn't bother me too much.
However thanks for the post.

Les


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: BrooklynJay
Date: 01 Apr 11 - 03:56 PM

Hmmm... I'm wondering why - since I'm logged in - am I seeing ads inviting me to meet women from India?

And obviously not for sitar lessons.

Jay


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 01 Apr 11 - 03:57 PM

You are so lucky Jay :-)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Max
Date: 01 Apr 11 - 04:56 PM

My apologies for dragging anybody into my frustrations with a larger issue. Arthur_itus, Simon G says it right you didn't deserve that tirade, that was my frustrations in general around here anytime anything changes, whether it's me fiddling or some (The) crappy(est) browser that I have to design for. I work hard to keep this site up to standards, and the Vols often are putting more time in than me. And we are all here to enjoy the same things. I was itching too bad for a target maybe to make the point that we are all mudcat, and we are all in this together. While I did a poor job of expressing it here today, that's the real change I want to see here at mudcat, I want to create a more supportive environment.*

*...more on that topic is in the works as a part of the new membership responsibilities to be discussed soon in a Permathread near this one. (give or take…)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 01 Apr 11 - 05:02 PM

No problem Max. we all have our bad days :-)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Q (Frank Staplin)
Date: 02 Apr 11 - 01:10 PM

I feel left out- I didn't see anything about cross-scripting Mar 31 or anytime (IE always used).

Digression- The advertisements are no problem,occasionally a delay of up to 2 seconds while some of them load, but that's OK if they help pay the way.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: michaelr
Date: 02 Apr 11 - 02:17 PM

I don't see them either. I guess it's only an issue if you use the latest version of IE.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: TopcatBanjo
Date: 02 Apr 11 - 05:45 PM

It's been happening to me too, for the past few days. Annoying but not too dreadful, but I look forward to it being sorted out soon!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Joe Offer
Date: 02 Apr 11 - 05:57 PM

Somebody told me it was happening to them in the Music section of Mudcat, but not in the non-Music (BS) section.
Interesting.

Whatever the case, the problem seems more-or-less harmless.

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: GUEST
Date: 02 Apr 11 - 09:30 PM

Just to say I'm getting it too, and I can't see that anyone was blaming Max for it at all! I was puzzled by it, and I don't understand the tech of what it's all about. (Haven't a scooby what cross-scripting means!) So at the moment I'm being mildy irritated every time it appears (with every thread I click on to), but just ignoring it and hoping it will go away!

-Tattie Bogle-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 03 Apr 11 - 04:19 AM

No problems with FF & AdBlocker & TabMix Plus. Put Mudcat as trusted years ago.

Hmmm, that's weird, now where has the XXS switch stuff gone, not there now... sigh, something changed again....

Hang in there Max, been there done that madness before. As any System Operator says, the job would be a doddle if it were not for the users... :-)


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bernard
Date: 03 Apr 11 - 06:12 AM

I'm running IE8 under XP Home SP3, and yes, it's a minor annoyance - more so because it's been added without my knowledge and without being offered the option to turn it off.

When other similar bars pop up, there's usually an option to turn off that particular type of filtering for that page/site (etc), but this pops up every time I switch pages, and I feel annoyed that I have to do some tinkering in the basement to switch it off...!

It's really quite poor implementation by Micro$haft...


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 03 Apr 11 - 08:49 AM

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007.[1] Their impact may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site, and the nature of any security mitigations implemented by the site's owner.

http://en.wikipedia.org/wiki/Cross-site_scripting


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 03 Apr 11 - 08:12 PM

Fooles Troupe's wiki article at "Cross-site scripting" may be helpful. Similar results are found searching for "XSS."

Internet Explorer has included an XSS filter since version 4. This is nothing new.

It appears that IE9 has incorporated a "more aggressive" filter, that gives many more warnings. It is also possible that the filter hasn't changed all that much, but that a recent update has changed some default settings in IE. The IE9 filter appears to be essentially the same as was first introduced in IE8 Beta 2, although confirmation of incremental changes would be more work than I'm inclined to do immediately.

IE uses "security zones" to control how the security functions integral in IE and/or supplied in other Microsoft packages apply the rules. Changes when other version jumps were released "redefined" some of the zones so that more strict rules were applied to zones with the same name as the less restrictive ones in the prior version. The changes caused flurries of whinging similar to what is now being seen, now mainly but not exclusively from IE9 users. The complaints in previous instances were resolved, mostly when people learned to reset their IE preferences to their personal satisfaction or found the proper add-ins for their other browsers.

Adding a problem site to your "Always allow" box essentially applies the security rules for a "less cautious zone" to the site. When it works for one setup and not for another, it may be just a matter of the "normal zone" being at different levels on the two.

It may be worth noting that with earlier updates, some of the changes that elicited the most complaints are now considered "features" commonly cited by the "my browser is better than yours" philosophers.

While we don't know, as yet, any simple solution for what is now bothering some of us, it can be expected that the difficulties will be resolved.

For the "technically inclined," a blog article at MSDN Blogs > IEBlog > IE8 Security Part IV: The XSS Filter gives a brief description of the IE8 (Beta 2) XSS filter. Event 1046 - Cross-Site Scripting Filter is an MSDN Library description of the IE8 XSS.

Note that NEITHER OF THE ABOVE TWO LINKS will be of much use, or interest, except to the "seriously technically warped" among us, and neither gives, alone, enough to do much about anything. Either of the links, however, will get you into one of the more arcane (and harder to find) areas at Microsoft where you may be able to poke around to find something that's actually of interest.

For the less technically oriented of those here (i.e. those still incurably sane) my interpretation is:

XSS refers specifically to attempts to distribute malware by means of Cross Linking.. The most common use is to direct the browser to an unintended/unexpected location.

Note that XSS as most commonly used does not describe or apply to the legitimate uses of cross-links or redirects, and should not be used to describe legitimate programs and their applications.

There are numerous perfectly valid application that use Cross Linking. Java Scripts are probably the most common currently seen, but are not the only ones used.

XSS threats are very common now, but have mostly had very low severity. The risk from XSS appears to be quite comparable to the risks of running Flash or using Adobe Reader carelessly. (The risk from Adobe for both is largely that they've been incredibly slow at issuing patches for known vulnerabilities, allowing long-term exploitation before they fix them.)

The intended effect of the IE XSS FILTER is to reject/disable only cross linking code that is likely to lead to undesired effects.

If the IE9 XSS filter works as described for the IE8 version, the filter disables the specific script fragment that the program believes is a danger. The remainder of the page should display correctly in most cases. The message that "the page has been modified" means that the small script fragment that IE "doesn't like" has been disabled, and shouldn't mean that anything else on the page is affected. The disabled fragment may not be shown, or it may be shown but "unlinked" to prevent it from doing anything.

It appears that the web page downloads to TEMP unchanged, and the filter only blocks passing of the suspect script from the TEMP location on to the browser for display.

The XSS filter will flash a warning that it's done something. In all similar previous cases, you have had the option of turning off the warnings while allowing the filter to continue to block suspicious material. As soon as one of us finds a reliable way to do that, perhaps it will be passed on.

It probably is also possible to turn off (disable) the XSS Filter. Details on the IE9 version are not well enough defined in what I've found thus far to indicate how much control you have, and I have no intention of installing IE9 at the present time just to look at it.

For anyone really too impatient to work around the difficulties until solutions are found, Microsoft claims that IE9 can be easily uninstalled and removal will revert you back to whatever prior version you had. A problem many people have had is difficulty finding the IE9 entry in the list of programs in the Uninstall section of Control Panel. You don't uninstall IE9. You uninstall the update that put IE9 on the machine.

Official Microsoft Instructions for REMOVING IE9 (they say they're simple, and of course you believe Microsoft) are at How do I install or uninstall Internet Explorer 9?, for Win7 and Vista.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: My guru always said
Date: 04 Apr 11 - 02:22 AM

I am under the weather, tired of this whole... and quite cranky

{{{{MAX}}}}


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 04 Apr 11 - 03:09 AM

MAX is you guru?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bert
Date: 04 Apr 11 - 04:15 PM

...I don't have issues with Microsoft...

Then why did you start this thread?


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 04 Apr 11 - 04:36 PM

I started it to find out what the problem was. I had no idea and wanted to know if it was serious or not.

Why are people trying to read something into this thread.

I am happy with why it's been intoduced and in all honesty I don't even notice it anymore.

Are you trying to start an argument Bert, becuase I am not interested.

Thank you for posting, but my cancer issues and the death of my brother are far more important. Nuff said


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: GUEST
Date: 06 Apr 11 - 12:27 AM

I second MGAS' hug!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 14 Apr 11 - 06:49 AM

Puzzling Event:

I was abruptly wakened from my pleasant dreams by the sound of my computer rebooting. (On my somewhat "mature" system, the steam boiler makes a lot of noise at times, and the gears have a couple of teeth missing, so the wakeup wasn't too surprising.)

I suddenly find that the "IE has modified this page to protect you" flag no longer appears for the two or three mudcat threads I've opend thus far.

The reboot wasn't unexpected, since a rather large number of updates had been indicated for the monthly Microsoft update scheduled for now. (17 patches, ties the last previous record for number of patches in a single release.) The news reports haven't indicated much detail on exactly what was to be patched, and specifically didn't mention any changes to IE9. I haven't (yet) checked to see what was installed that might have affected IE.

IE9 release was almost precisely two months ago, and the "early report" this morning is that a "concepts pre-beta" of IE10 has just appeared. Although Microsoft hasn't given any indication of when a "working beta" or finished release might happen, it doesn't appear that it will be immediately.

The brief article reporting the latest (IE10) news(?) indiates that Chrome, Firefox, Mozilla releases have been at approximately two month intervals for each, for the last several updates. I haven't watched release history of all the other browsers, but have noted some comment about inconsistent behavior changes in most of them.

Much of the recent browser activity has been based on claims of "improved compliance" with HTML5, CSS3, and CSS5, none of which, it appears, is actually a firm standard. HTML5 in particular was issued as a "final pre-publication version for comment" more than two years ago. The "final pre-pub" version has been revised and re-issued at least twice, and nobody is predicting release with actual status as "Standard" for at least the next couple of years.

I'm not a bit surprised that those managing web servers are having some difficulties, as there are no confirmable targets to aim at, and everything that resembles a target keeps moving, or disappearing, with new pseudo-requirements appearing at random.

Herding cats in the parking lot at a mega-mall, or running a chicken roundup in a jungle, would be easier than what Max is trying to do for us.

Thanks again, Max.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 14 Apr 11 - 08:33 AM

I got my Win 7 patches for the laptop. I was able to beat off IE9 with a stick - for now ...


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 14 Apr 11 - 08:51 AM

BTW - Win 7 lets you have 'Desktop Gadgets' - Network and disk meters etc. There's a new one - an earthquake monitor - It just told me that 3 M5+ quakes occurred in the last few minutes off the east coast of Honshu Japan.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Arthur_itus
Date: 14 Apr 11 - 12:45 PM

With the latest downloads from Microsoft for IE9, I decided to install IE9 again and see if things were better.
Very pleased to say that everything is now working fine. No issues with Mudcat, which is great.

Thanks for all the help everybody and a big thanks to Max for all the good work he does.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 14 Apr 11 - 02:12 PM

As of this morning - with the latest update package - IE9 doesn't wave the flag saying that it's "modified the page to protect you," but evidence is that it still "modifies the page." It just doesn't tell you about it every time.

The evidence is:

"Page | Save As | Web Page Complete htm, html" aborts the save with an error message saying that an "object of script not found."

"Page | Save As | Web Archive .mht single file" aborts the save with an error message saying that an "object of script not found."

"Page | Save As | Web Page HTML Only" appears to be the only (semi)functional way to save anything, and it can't include any externally linked (scripted link) parts seen in the page in the browser.

"File | Print" or using the "print icon" on the toolbar results in an error indicating "script erro - target not found for ...." and the print fails.

A "peculiarity" of the description of the XSS Filter is that a script executed before/during download of the page apparently can show items called by a script in the browser, but once in TEMP the script is blocked from executing a scripted "external" connection on your machine to retrieve the targets separately, so neither saves nor prints can be completed.

(But I'm mostly just guessing.)

A "concept demonstration" for a pre-beta IE10 appears to have been distributed to a limited group recently, perhaps yesterday, so maybe we can look forward to things getting even better than ...

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 14 Apr 11 - 07:21 PM

Stumbled across this when looking at the 'sorting dances' thread.

a href="http://www.i-programmer.info/news/86-browsers/2122-ie9-launch-a-threat-to-web-development.html">E9 launch a threat to web development


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 14 Apr 11 - 09:43 PM

The Fooles Troupe probably meant E9 launch a threat to web development?

The comments about "selective compliance with the standard" in reference to HTML5 rings a little hollow, since HTML5 IS NOT A STANDARD.

A "proposed final version" was "released for comment" somewhat more than two years ago, but nobody's been able to agree on how to decide what comments are significant. The "proposed final version" has been revised at least twice, and reissued, and remains "out for comment," with little prospect of agreement.

The optimists suggest that it may be finally finalized and published as a Standard "in about another couple of years," but they'll likely need to release the estimated date(s) for comment to get sufficient agreement just on a schedule for (maybe) finally releasing it.

As long as the proposed standard remains open for revision, the selective interpretation of what it doesn't say, along with large doses of wishful thinking on the part of people who want it to be something it hasn't quite achieved, makes it more of a communal hallucination than a true technical standard that people can follow with the expectation of getting compatibility between systems designed by many different people using different drugs of choice.

It's not clear whether the CSS3 and CSS5 "standards" suffer from similar vagaries. They also are part of the most recent flaps over browser and server design, but I've found less obviously incriminating information on them (due largely, one supposes, to personal laziness).

Of course, that's just what it looks like to one innocent bystander with no particular access to whatever the people who are more involved have been smoking ... or chewing ... or ... to whatever mystic spirits move them.

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: GUEST,.gargoyle
Date: 14 Apr 11 - 10:32 PM

TESTING ... Testing ... testing ... texting

Sincerely,

Gargoyle

Un-stimulated, Un-iversity, Un-ion


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 15 Apr 11 - 10:31 AM

Sorry John - I sometimes post the bits into the blue clicky maker back to front ....

Quite frankly, most of the effort in cleverness in web design is wasted and "óverwronglyengineered" - the basic defaults work fine for me for most things. Too much cleverness is self defeating in the long run, from my experience, KISS.


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 15 Apr 11 - 04:07 PM

No question about where your link was supposed to go, Fooles, but it looked pretty obvious that you'd intended it to be a link. In what I saw the first "<" and the final "</a>" were all that was missing.

I just pasted what your post showed, added the missing bits, and clicked it in preview to go where you pointed.

My little rant following might not have indicated just how much "sarcastic content" was intended, but is based on my going to the HTML Standards website to try to see what it's all about.

Factually, IMO, there is no HTML5 Standard and what I could find in what the group says is the version currently "distributed for review" is so vaguely written that it is far from ready for adoption.

The separate CSS Group site is so vague (as far as I could tell) about the status of its several versions that I couldn't even find retrievable versions of what might be current "working versions," or identify what affiliates might be responsible for publication when (if) anything actually is produced.

An eNews bulletin received this morning linked to an eWeek (once upon a time a credible technical resource) report on the Microsoft MIX11 Developers Convention where, according to the headlines there was lots of good technical exchange of information.

The HEADLINE:

Just four weeks after the release of Internet Explorer 9, Microsoft unveiled the first platform preview of IE10 at the MIX11 conference in Las Vegas. In his April 12 keynote opening, Dean Hachamovitch, corporate vice president of Internet Explorer, outlined how the next version of Microsoft's Web browser builds on the performance breakthroughs and deep native HTML5 support delivered in IE9. With this investment, Microsoft is leading the adoption of HTML5 with a long-term commitment to the standards process, Hachamovitch said.

What followed in the "report" was a slideshow of 26 rather quaint pictures of Microsoft executives and screen shots of games. The only thing resembling "technical content" I could identify was at the mention of a new ap called "mango" for which they displayed a picture of the fruit - which might be considered "information" for someone who never ate one.

Toys for children, built by children, on a foundation of BULLSHIT and wet dreams?.

(Maybe I'm just too old for it all.)

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Joe Offer
Date: 15 Apr 11 - 04:18 PM

I don't get the cross-site scripting error message from IE9 any more, so it appears that issue is resolved - don't know if by Max or by Microsoft.

HOWEVER, I still get a scripting error message every time I try to use IE9 to print something (not only from Mudcat). Looks like Microsoft still has some repair work to do.

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Bill D
Date: 15 Apr 11 - 05:51 PM

Iffn ya' don't mess with IE and use a friendlier browser, ya' don't hafta see all that stuff and wonder why it don't work right...


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 15 Apr 11 - 07:02 PM

John - The MS Empire no longer has much interest in 'technical stuff' - their only interest is in making money. You do this by 'meeting a market', and more increasingly, by 'making a market'.

Thus waffleware becomes the single most important product, helping to keep the share price high - this being even more important for The Empire than any actual physical product.

If you have a captive market, this works even better. Getting your junk bundled with new computers is essential, even if you give the damn stuff away at 'less than cost', to keep market share high, thus keeping the previous illusions going, and propping up the exectuvies salary packages.

Sadly this is starting to infiltrate Linux too - the next version of Ubuntu defaults to a new super duper GUI that won't run on the lower end hw bulk of installs!


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 15 Apr 11 - 09:22 PM

Joe: I don't get the cross-site scripting error message from IE9 any more, so it appears that issue is resolved

The message has been quelled, but it appears that anything that the XSS filter thinks is suspicious is still being neutered, as evidenced by not being able to save or print anything that includes a script.

All attempts I've made to print a web page (several just to test the theory) results in a failure with an error message saying that a "script object cannot be found." There are a few different messages showing up, but all implicating "script objects/targets" being not retrievable to print.

IE options for saving a web page (File|Save As or Page|Save As) include "html complete," "web archive .mht," "text only," and "html only."

Either "html complete" or "archive mht" will generally appear to save, and files may appear on your machine, but the files either don't open at all or just show a "first screen" with lockup of the browser. Both of these forms would contain any scripts on the page in executable form and the scripts are broken - apparently by the filter - causing the entire Save to fail.

Saves as "html only" are similar to View Code and copying the code, and still work, but don't display (or apparently don't attempt to display) any objects "embedded" via scripts.

Saves as text only are okay, but usually are incredibly messy to try to read, or to edit into something intelligible.

Note that the XSS filter that seems to cause most of the trouble is not specifically related to HTML versions, features in HTML, or browser versions. It is apparently because cross-scripting malware has been appearing with significant frequency, and has thus far been difficult for AV suites to detect and protect against.

The "officially sanctioned" gossip about cross-scripting malware has been that thus far it's been more annoying than dangerous, but there are suggestions that it has the potential to be quite destructive. Whether the aggressive filtering appearing recently is a pre-emptive action based on a real threat or just an example of "fishing with dynamite too close to the boat" is unknown.

If the cross-scripting threat is real, it seems likely that problems similar to recent IE misbehavior will appear in other browsers, but IE is the only browser that gets updates. All the popular others incorporate bug fixes - including new malware defenses - only as new version releases. (Version updates in the other browsers have come at about 60 day intervals recently, and those who resist updating to the latest version of their favorite probably risk continuing vulnerability to the latest malware forms; but Microsoft complains about the "more than half" of IE users who don't even download the patches so there's really not much difference.)

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 23 Apr 11 - 04:08 PM

Microsoft has a KB article up that claims to solve the problem of not being able to print (or print preview) web pages.

The "solutions" recommended did NOT FIX the inability to print a web page for me, although "Method 3" changed the error message I get when I try to print.

Applying the last method now does permit me to save a web page as an "archive (mht)" file that appears to work.

On the possibility that the fixes given might actually work (for printing) or someone might want to see if it helps with saves, it's at:

You cannot print or print preview Web pages in Internet Explorer on Windows Vista or on Windows 7

John


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: The Fooles Troupe
Date: 23 Apr 11 - 08:26 PM

"Changed the error message"...

Hmmm... in my student days, when doing a large Cobol compile, that was always considered a positive sign ....


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: Joe Offer
Date: 13 May 11 - 04:29 AM

I haven't gotten the cross-site scripting error messages for quite some time with IE9, but there was something on the Forum Menu page today that kept crashing IE9 - I think maybe an animated music-downloading ad. It seems to depend on what ad is on display - doesn't seem to happen on other Mudcat pages, just the Forum Menu.

-Joe-


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: MartinRyan
Date: 13 May 11 - 04:30 AM

Now that you mention it - I haven't seen that error message here for a few weeks, either, after a plague of instances (IE8/Win XP)

Regards


Post - Top - Home - Printer Friendly - Translate

Subject: RE: Tech: Internet Explorer and Mudcat issue
From: JohnInKansas
Date: 14 May 11 - 04:42 AM

Although the annoying "script modification" notices have disappeared, and some other annoyances have been somewhat reduced, there still appears to be a problem with IE and Java.

A long time ago, Microsoft came up with their own versions of Java, and it was automatically included in IE. The Microsoft version ran Java scripts in a "virtual machine" mode, and apparently was able to handle both "Java text scripts" and some sort of "compiled Java."

Sun Microsystems quite logically felt that a Microsoft version of Java infringed their proprietary rights, and there was a long-running legal debate.

A settlement was reached that allowed Microsoft to continue distributing their "Java VM" in IE under a "courtesy permission" until some time in 2007. Microsoft continued to "provide support" (oxymoron????) until sometime in 2009, but the Microsoft "virtual machine Java" is no longer available (except from a few pirate sites?). Microsoft now officially sends you to Sun to get Java.

It appears now that some Java scripts that were designed to work with the old Microsoft "Java virtual machine" no longer work with Sun Java, although the Sun Java I've been using for several years used to work just fine for them.

I can't offer any explanations or solutions, but it looks a lot like somebody's out for revenge for past sins (or intended future ones?). Regardless of who's out to hurt whom (if that's really the problem), we seem to be the only real victims.

John


Post - Top - Home - Printer Friendly - Translate
  Share Thread:
More...

Reply to Thread
Subject:  Help
From:
Preview   Automatic Linebreaks   Make a link ("blue clicky")


Mudcat time: 24 May 1:45 PM EDT

[ Home ]

All original material is copyright © 1998 by the Mudcat Café Music Foundation, Inc. All photos, music, images, etc. are copyright © by their rightful owners. Every effort is taken to attribute appropriate copyright to images, content, music, etc. We are not a copyright resource.