Netargument use Disqus as Commenting system on this blog. In internet explorer browsers, IE8 & IE9, it failed to load with message that Internet Explorer has modified this page to prevent cross-site posting. It display # where disqus is placed and fails to load!
The error is due to Internet Explorer’s XSS filter, which prevents the injected script from accessing information which other website doesn’t intend to allow. However, an application like disqus does the same thing and we want to do it, and IE should understand that it is intended and not a malicious attack!
Microsoft documentation about this XSS filter tells you how to disable it at server level and end user level. End user can disable this by opting out of it in setting, but that is not something which a publisher can force upon them. Those having access to root directory too can disable it by tweaking HTTP header request setting
X-XSS-Protection: 0
Blogger doesn’t offer you access to the root directory, so the solution won’t work for you.
However, we can send request to turn it off through a meta tag. It tells the browser to turn off XSS-filter, and it works!
Just find the below code in your blogger template, going to Edit HTML.
<meta content='IE=EmulateIE7' http-equiv='X-UA-Compatible'/>
and change it to:
<meta addname=' X-XSS-Protection:0' content='IE=edge' http-equiv='X-UA-Compatible'/>
This code also changes the compatibility of your website from IE7 to the latest version.
This code will not only solve your website’s cross scripting error, but also make it run smoothly in latest versions of IE.
No comments :
Post a Comment