Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

A new feature enables you to block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request in Internet Explorer 8


View products that this article applies to.

Introduction

Internet Explorer 8 can now block the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 navigation request if the request is redirected to a different host. An update is now available to enable this new feature. The update adds a navBlockRedirectsXDomain flag that enables callers to opt into this security mitigation. Additionally, the update adds a DWebBrowserEvents2::RedirectXDomainBlocked event to detect any navigation request that is blocked.

This feature enables you to prevent cross-domain headers being sent together with redirected navigation requests. The feature detects blocked navigation requests through the DWebBrowserEvents2::RedirectXDomainBlocked event, and then calls the IWebBrowser2::Navigate2 navigation request again by using the redirected URL that is obtained from the event. However, when the navigation request is called again, the navigation call does not include cross-domain headers.

Note When the navigation request is directed to a URL that has the target property set to �_blank,� cross-domain headers may be sent together with redirected navigation requests.

↑ Back to the top


More information

Security update information

To resolve this problem, install the most recent cumulative security update for Windows Internet Explorer. To do this, visit the following Microsoft website:�For more technical information about the most recent cumulative security update for Windows Internet Explorer, visit the following Microsoft website:�Note This update was first included in security update 2497640 (MS11-018). For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2497640 MS11-018: Cumulative Security Update for Internet Explorer
For more information about the IWebBrowser2 interface, visit the following Microsoft Developer Network (MSDN) website:For more information about BrowserNavConstants enumeration, visit the following Microsoft Developer Network (MSDN) website:For more information about the target DHTML property, visit the following Microsoft Developer Network (MSDN) website:

↑ Back to the top


Keywords: KB2510633, kbprb, kbsurveynew, kbexpertiseinter

↑ Back to the top

Article Info
Article ID : 2510633
Revision : 1
Created on : 4/12/2011
Published on : 4/12/2011
Exists online : False
Views : 334