Cross-domain scripting attacks involve a script from one Internet domain manipulating content from another domain . For example, a user might visit a malicious page that opens a new window containing a legitimate page (such as a banking Web site) and prompts the user to enter account information, which is then extracted by the attacker.
Internet Explorer 7 helps to deter this malicious behavior by appending the domain name from which each script originates and by limiting that script's ability to interact only with windows and content from that same domain . These cross-domain scripting barriers help ensure that user information remains in the hands of only those to whom the user intentionally provides it . This new control will further protect against malware by limiting the potential for a malicious Web site to manipulate flaws in other Web sites and initiate the download of some undesired content to a user's computer.
Was this article helpful?