Internet Explorer has modified this page to help prevent cross-site scripting

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Terry Kennedy

Well-Known Member
Jun 25, 2015
1,140
594
113
New York City
www.glaver.org
I've been getting "Internet Explorer has modified this page to help prevent cross-site scripting" warnings on the bottoms of pages on this site, perhaps 20% of the time in this session. I think that there's some questionable advertising practices going on. You may want to ask your ad provider(s) about it before it gets out of control.

Edited to add: Got it when submitting this reply, too. The advertising code seems heavily obfuscated, though I'm not sure it isn't always:
Code:
<!doctype html><html><head><script>var google_casm=[null,null,null,null,null,null,1];</script><style>body{margin: 0;padding: 0;}</style></head><body><script></script><iframe id="ad_iframe" name="ad_iframe" scrolling="no" src="about:blank"frameborder="0"width="728px" height="90px"style="border: 0px; vertical-align: bottom; width: 728px; height: 90px; position: absolute; left: 50%; margin-left: -364px; top: 0; margin-top: 0px;"></iframe><script>var doc = document.getElementById('ad_iframe').contentWindow.document;doc.open('text/html', 'replace');doc.write('\x3c!doctype html\x3e\x3chtml\x3e\x3chead\x3e\x3cscript\x3evar google_casm\x3d[null,null,null,null,null,null,1];\x3c/script\x3e\x3c/head\x3e\x3cbody leftMargin\x3d\x220\x22 topMargin\x3d\x220\x22 marginwidth\x3d\x220\x22 marginheight\x3d\x220\x22\x3e\x3cscript\x3evar viewReq \x3d new Array();function vu(u) {var i\x3dnew Image();i.src\x3du.replace(\x22\x26amp;\x22,\x22\x26\x22);viewReq.push(i);}\x3c/script\x3e\x3cscript\x3evu(\x22https://googleads.g.doubleclick.net/pagead/adview?ai\\x3dCw6BAraWlWtDrOI2c3AHZ4Z2oC5bw_rxN6uTGo4kBwI23ARABIABgyZ7rirSk2A-CARdjYS1wdWItNjg5MjI4MzQ0NDE1NjcwMMgBCagDAaoE8QFP0E0JeK3Vj8OwVGef6HyMw6Y-zvxrEde9ROXFXC1hUVoPI1kkcbabAP3evYqg2qWiRzyQXIbH7sg9jAjROzySEOP_VcXlffQE6ChE0xScQctSGQE6Pogs1iKAXworVzTZUtP0BrKw9Hv5EDxcH59KbMzr9RWyDA6bBdrRITGW5WtfF6yp-AC1nvZCrRUpJ_NUYwLPC9ktbv-w3E_l3eyYcsaLwc0uQFII5op83FNUcdU8-bKBllKkp-vrPgCou8byj0ZiN3l74eXRTZlkE2yIhEJwK0Icax6f-4fSQhf4VmoXvM8bpPsuigd9touq9FlFgAaolJDOjOWyz5EBoAYhqAemvhvYBwDSCAUIgGEQAQ\\x26sigh\\x3dZb_KSDOmlq8\x22)\x3c/script\x3e\x3cscript\x3evu(\x22https://pr.ybp.yahoo.com/bw/adx/imp/-AnabLKLrBAjmtf3Tpl4ilABDqJ3vbRkGbuQwC_HzyNr9PxvFrPXsyVviS2Ilm2vadXmoD2quSfT6qzNtExYuQg1c7zLbx8RPFvZyPNpxlayooIEOFyDgd13CCR0kw6mhedrmjbImbCpNnghAvSxcE43nhiIj4lpEljnv_HA7bDNT3fdxjJplv8hk3ChgqB77oDw07eGBMQy5wXcnNnlX10QT6vL_PgRm4B5KEa4t0oLwFcpGsbeJehpPRnB195uPBsGtICJi2ZiPRYOKfDneiSmMYGCo_GOl_3YeSeH3E7PVwja6hBMY3oBJDQg6hLL7QH6rnoLZS3zeLD1ZJQB-lNuCjSOI4eoEOr8NhmcQoogGMyVxbZQhP3MokdBL3Vq6EjxsKzMGjBZN_B0oNVop4vsznQ0jDszAs6ySZudkfiRQoEVAg71qRFE3_ur0vnGHjKLFwTmoU7fQppoTT-EfRbAmWdvvg5ptS_3qGnPkr-KZRWq2AsB6QYWRPxN99kw0FfElhkxxkULNR9Y6E1NTL8onFHVacmT1DXhCfkxIZB9ZYD1EJH9L7_lSFoUah-mLBfJ1To4bwG4WCvxH9ee3Rdio36U1huiTt9J4XFIAxA4ACyMz_feJxCf3PokoAUiiVbv0W_0EiVKnhZyQuVt8OCCoVUNPozdD0BKto6bOuaRV5I90HkW5rvws9jykN5kJ74adxyevtsQpgRweZ-jDz-kf3CYJHojUbyiH5SsJ4mV8mO9JGZNi0Y_2uf1JVVZ9hKj3FRSGaxCahoXYp0LU0-QvtpZo56rBjyVxYDDujoHZ75TJBGMWU3GaHudhjx9TfQwcRR7ovnCmjnuGl_0I1Yv7tUkbYEfsTHoG1voz4vocezPqB9Yp47W0JQTWipCcNTL5uuvO0R8-MmafKqKyd5bDKxYV7ynOJBh4AQVMlkGGFrtbsfiCwBszJF_it4z8Czg2QvzDkrTxV42slwjTQxGNaO8iGKfT5w_SQ1mtmUWMLAXtjnM6LpsdeTS75-AImVVZkYXMVEeCXhAaTFxYA/wp/WqWlrQAONdAKNw4NAAdw2VNGGjkm2ItqKMSk6Q\x22)\x3c/script\x3e\x3cscript type\x3d\x22text/javascript\x22 src\x3d\x22https://pr.ybp.yahoo.com/ab/secure/true/imp/S2v7VIauiF6hF7Ie56LpdMulpcr4Yw50j-MHcMrZm7Fk6WrU9fVs1bYFE4-5Z6-uvBT7xIyy6gkMRYPFp2U0GTkAbVPsARalHaA5H6h1et3NLvHBMsrQezwq-f49z_7IcnkfZekhvoN4e0qVPDbIEO-MRpNB88Imi_VUl23Hl6EE1HpldY6zsWoT8Kt8YsLDIM-pdfsJOah1Q3Dv7oRU3jleOFEvbkG6KzB2nqhFvClvQeOJSmYjEwcWbaeBAmAg8j_p5f3w5CrMSFUq8SMeyGWSQaB5awgVgiEcFbmvmBiNiT7XzJgMZ7Bhrm6lTRdiY9_Diaf4BF2zrzfZ6IASpVOm4s7l6pEqkdmvs_jF5AJn630vucScb4rIB8NqBC3UxfFcrCXhzKUAWySGUtPy25EnAvE-onF6XTacjJhlz4NVRDk9h8JfPvNGEBC2GzkvnzZC6f8neVzPy8XDIaKU1MQk2DHV9Af7qZsxt5xln1ERfKgtfTwKtIbmWqG8kbTDWlFvmtImMsDOP6LseiExUQ3y7kUv9TDA6QmdMZKI2sGWGTbHBwuHuU93pJ8ctErK6QuKYtw4RFN1HmZAgBU3-3bGBLlmGeW7vzjvbHWGQnSEjG1mKP1u9ePH2EI4Ku7p-ZJ8G1YRQFGJDyba1JyeUTv9ndIiQfJ1nTvGVGjXtvwJhx2Tv406DAGK0GUjPHqJw2r1JZEWlD6QyZjaBe0evSEgOgFx3CU7FuDlKpYBvUoYtnMPOdTwqsxxnS7CgRGmxCyz4MpqdWZ46FTs5BmRMeCHt8KpbfTSU2w-Hk25r7e3U12oa_u7ZtsUG_kX3na5MOCy2orYX3fu2JnS0AvkgqFv0uiJXLxtU95jTmZRU2tnBXjydwxNBeHGBEv4wCshtsUQUuRYpi09gXE0OVAX1KcdQqso-AfKRPcWrGDJVNWX8rPL04z8IcJ6_6HIR0E3Xag9KDEK_W2cb-4YoW2ot1nqnYS-WzvzZ7XnjjBD9qldezXLtrRo_h_AdM6zHP5y8-bxak8gcnDuFLFeo6mUmA/wp/WqWlrQAONdAKNw4NAAdw2VNGGjkm2ItqKMSk6Q/pclick/https://adclick.g.doubleclick.net/aclk?sa\x3dL\x26ai\x3dCw6BAraWlWtDrOI2c3AHZ4Z2oC5bw_rxN6uTGo4kBwI23ARABIABgyZ7rirSk2A-CARdjYS1wdWItNjg5MjI4MzQ0NDE1NjcwMMgBCagDAaoE8QFP0E0JeK3Vj8OwVGef6HyMw6Y-zvxrEde9ROXFXC1hUVoPI1kkcbabAP3evYqg2qWiRzyQXIbH7sg9jAjROzySEOP_VcXlffQE6ChE0xScQctSGQE6Pogs1iKAXworVzTZUtP0BrKw9Hv5EDxcH59KbMzr9RWyDA6bBdrRITGW5WtfF6yp-AC1nvZCrRUpJ_NUYwLPC9ktbv-w3E_l3eyYcsaLwc0uQFII5op83FNUcdU8-bKBllKkp-vrPgCou8byj0ZiN3l74eXRTZlkE2yIhEJwK0Icax6f-4fSQhf4VmoXvM8bpPsuigd9touq9FlFgAaolJDOjOWyz5EBoAYhqAemvhvYBwDSCAUIgGEQAQ\x26num\x3d1\x26sig\x3dAOD64_3YabP5LcC_FXf0PMyCPc-7Go2rBA\x26client\x3dca-pub-6892283444156700\x26adurl\x3d\x22\x3e\x3c/script\x3e\x3cscript src\x3d\x22https://tpc.googlesyndication.com/pagead/js/r20180307/r20110914/client/ext/m_window_focus_non_hydra.js\x22 async\x3e\x3c/script\x3e\x3cscript\x3efunction initWindowFocus() {window[\x27window_focus_for_click\x27] \x3dwfocusnhinit(\x22https://googleads.g.doubleclick.net/pagead/conversion/?ai\\x3dCw6BAraWlWtDrOI2c3AHZ4Z2oC5bw_rxN6uTGo4kBwI23ARABIABgyZ7rirSk2A-CARdjYS1wdWItNjg5MjI4MzQ0NDE1NjcwMMgBCagDAaoE8QFP0E0JeK3Vj8OwVGef6HyMw6Y-zvxrEde9ROXFXC1hUVoPI1kkcbabAP3evYqg2qWiRzyQXIbH7sg9jAjROzySEOP_VcXlffQE6ChE0xScQctSGQE6Pogs1iKAXworVzTZUtP0BrKw9Hv5EDxcH59KbMzr9RWyDA6bBdrRITGW5WtfF6yp-AC1nvZCrRUpJ_NUYwLPC9ktbv-w3E_l3eyYcsaLwc0uQFII5op83FNUcdU8-bKBllKkp-vrPgCou8byj0ZiN3l74eXRTZlkE2yIhEJwK0Icax6f-4fSQhf4VmoXvM8bpPsuigd9touq9FlFgAaolJDOjOWyz5EBoAYhqAemvhvYBwDSCAUIgGEQAQ\\x26sigh\\x3dCUXotfxXtxA\x22,\x22raWlWtiAOMSB3QHplImoCA\x22,\x22CJD2xJqh5dkCFQ0ONwod2XAHtQ\x22,true,false,false,0);}if (window.wfocusnhinit) {initWindowFocus();} else {window[\x27google_wf_async\x27] \x3d initWindowFocus;}\x3c/script\x3e\x3cscript src\x3d\x22https://tpc.googlesyndication.com/pagead/js/r20180307/r20110914/activeview/osd_listener.js\x22\x3e\x3c/script\x3e\x3cscript type\x3d\x22text/javascript\x22\x3eosdlfm(-1,\x27\x27,\x27B2Q5oraWlWtDrOI2c3AHZ4Z2oCwDq5MajiQEAABABOAHIAQmgBiHSCAUIgGEQAQ\x27,\x27\x27,1035606951,true,\x27zac\\x26ud\\x3d1\\x26la\\x3d0\\x26alp\\x3dai\\x26alh\\x3d2784397038\\x26\x27,3,\x27\x27,\x27//pagead2.googlesyndication.com/activeview?avi\\x3dB2Q5oraWlWtDrOI2c3AHZ4Z2oCwDq5MajiQEAABABOAHIAQmgBiHSCAUIgGEQAQ\x27,\x27\x27);\x3c/script\x3e\x3cscript src\x3d\x22https://tpc.googlesyndication.com/pagead/js/r20180307/r20110914/client/ext/m_qs_click_protection.js\x22\x3e\x3c/script\x3e\x3cscript\x3egoogqscp.init([[[[null,500,99,2,8,null,null,null,1]]],null,null,null,null,0,null,null,0]);\x3c/script\x3e\x3cscript\x3eif (window.top \x26\x26 window.top.postMessage) {window.top.postMessage(\x27{\x22googMsgType\x22:\x22adpnt\x22}\x27,\x27*\x27);}\x3c/script\x3e\x3cdiv style\x3d\x22display:none\x22 data-google-query-id\x3d\x22CJD2xJqh5dkCFQ0ONwod2XAHtQ\x22\x3e\x3c/div\x3e\x3c/body\x3e\x3c/html\x3e');doc.close();</script></body></html>
Further edited to add: The above snippet, when pasted into a HTML file, still generates the cross-site scripting warning. So that's the actual code, not just some random HTML.
 
Last edited:
  • Like
Reactions: Patrick

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
I will look into it.

Actually working on getting rid of Google AdSense altogether in the next two quarters.
 

Patrick

Administrator
Staff member
Dec 21, 2010
12,511
5,792
113
That is funny since I see a lot of adds for AdSense on my phone these days

Chris
Yea, I need to put together a new state of STH post one of these days.

The plan is to keep quantity about the same but move to an outside agency sold with clear rules of engagement, e.g. static banners.

I have interviewed about a dozen agencies/ folks, and people say that STH given its current size should be making 15-20x more revenue, after the big agency cut, than it is with AdSense.

I had thought that the difference was that we were losing 15-30% but that seems not to be the case.

The other item I prefer is less of the annoying ads. I think STH is still among the less obtrusive options, but I have said "NO" to anything that looks like Anandtech/ Toms.