In case you came across a situation where you suddenly can’t browse your MOSS 2007 application locally, but still can access remote MOSS servers while others can access your application remotely:

KB963027

The solutions are:

1. Uninstall the update

2. Use IE6…

3. http://support.microsoft.com/kb/963027/ – read for more details

For more information see also:

http://blog.mpecsinc.ca/2009/04/sbs-2008-ie-update-kb963027-breaks.html

http://spiderwool.blogspot.com/

http://msmvps.com/blogs/bradley/archive/2009/04/16/sbs-2008-ie-update-kb963027-breaks-companyweb-access-from-the-server.aspx

Update: Another useful link:

http://support.microsoft.com/kb/896861/en-us

I would like to thank our people at Netwise: Avi Haimovich & Rani Of for the useful research of that matter.

When trying to use ACT 5.5 Internet Explorer Compatibility Tool I got the following message:

“The file size exceeds the limit allowed and cannot be saved”

You can read about the problem here and download the hotfix needed in order to fix it here.

While browsing using Internet Explorer 8, I received several times  xss filter notice saying: “Internet Explorer has modified this page to help prevent cross-site scripting” resulting an empty page, usually after trying to submit a form.

Although this is a security issue handled by IE in order to protect the user, sometimes it is blocking legit sites trying to do legit operations.

If you are a website owner and you received complains regarding this issue you can check your web site using ACT 5.5 AKA “Microsoft Application Compatibility Toolkit 5.5” which can be downloaded directly from here.

This is the result when using the Internet Explorer Compatibility Test Tool an my example web site:

As you can see the tool allows me to detect what happened and why during my browsing session inside my web site. (The tool also works on remote sites and can be used for solving other compatibility issues as well)

As for my example, I used the one I found on MSDN – here.

Resolution:

1. Fix your code and make sure you don’t perform illegal operations such as cross site scripting.

2. Ask you users to disable the xss filter on their machines (BAD!)

3. Set this response header: “X-XSS-Protection: 0” in order to disable this feature (BAD!)

You can set the response header directly from the web.config by adding this section:

<system.webServer> 

<httpProtocol>
    <customHeaders>
      <clear />
      <add name=" X-XSS-Protection" value="0" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Please make sure you read the MSDN article first so you’ll know exactly what the risks you are taking by doing so.