IE8 blocking XSS - help?

[nathank]

Hi - my browser recently updated to IE8. Now, when I try to run a Cognos report as an Excel spreadsheet I get an information bar that says

"Internet Explorer has modified this page to help prevent cross-site scripting. Click here for more information."

Clicking on it goes nowhere. A little research seems to show that this is a built-in XSS filter in IE8 that cannot be turned off, except in web page development. Anyone else run into this or know how to fix it?

Any help or advice would be greatly appreciated!!!
Thanks!
-Nathan

[SharifJ02]

We ran into this problem and you can turn off XSS filter.  I haven't done in yet with Group Policy, but if you go to Internet Options, then the Advanced Tab, there's a section called "Only allowed approved domains to use ActiveX without prompt", there's a check box for "Enable XSS filter".

If that doesn't work, add your Cognos site as a Trusted Site under the Security tab and assign the Security Level of the zone to Medium-Low or Low.  If you want to set a custom level, the 3 things I would change are:

• Automatic prompting for file downloads- change from Disable to Enable
• Allow Programmatic clipboard access- change from Prompt to Enable
• Enable XSS filter- change from Enable to Disable