Windows Internet Explorer 7 introduces a new redirect mitigation for cross-domain exploits. A cross-domain exploit occurs when a Web page from one domain can read or manipulate the contents of a Web page located on a different domain. Typically, a malicious Web site carries out this exploit by redirecting an object. Therefore, if there is any possible threat of a cross-domain exploit through redirected navigation in a DOM object, Internet Explorer 7 blocks the navigation and logs the blocked Web site URL.
The following examples show two common techniques that Internet Explorer 7 blocks because the redir.asp file redirects the request to another domain.
Example 1
XML Script Data Island
<script language ="text\xml" src="redir.asp">
Example 2
Stylesheet
Object tag "data" attribute
<object type="text/xml" data="redir.asp">
Note
This object tag example also depends on the value of the URLACTION_CROSS_DOMAIN_DATA registry setting.
You can fix this issue by hosting all of your Web site data on the same domain, which avoids redirection to another domain.
You can work around the redirect mitigation security feature by turning off the following registry key:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation]
"iexplore.exe"=dword:00000000
If you disable this security feature, you will be more prone to cross-domain attacks.