On Oct 10, chadwackerman <[email protected]> wrote:
> Just noticed this. This disables the IE8 XSS security filter.
>
> Many Google sites seem to be sending it. It's odd.
>
> Regardless, on AppEngine, seems like it should be left to the app to
> decide and not Google.
> I'm seeing it on static pages so I don't think it's Django or webapp.
>
> Anyone know what's up?

Can you think of an attack that would have been mitigated by the filter if it was enabled for static content? If someone comes up with an attack, our chances to get rid of the ugly header quickly will improve significantly.

Seriously, I'd like to know why they added it in the first place. I have shared my thoughts in the issue tracker:
http://code.google.com/p/googleappengine/issues/detail?id=2417

Sooner or later someone from the App Engine team will notice that issue and respond.

--
Alexander
