Microsoft Edge browser

Microsoft is currently working on Windows 10 Redstone 5 update and it comes with a slew of improvements for native apps like Edge browser. With Windows 10 Redstone 5, the company is adding new features, Fluent Design and security-focused improvements to Edge browser.

In 2008 Microsoft introduced a cross-site Scripting protection technology called XSS Filter for Internet Explorer and it was later adopted by Chrome and other browsers. XSS protection is widely used by the website owners and it’s a great technology to protect the customers.

A report last week revealed that the latest builds of Microsoft Edge browser dropped the feature. Yesterday in a blog post,  Microsoft confirmed that the company is retiring the XSS filter in Edge browser with Windows 10 Redstone 5 but the customers will remain protected due to the implementation of modern standards like Content Security Policy.

“We are retiring the XSS filter in Microsoft Edge beginning in today’s build. Our customers remain protected thanks to modern standards like Content Security Policy, which provide more powerful, performant, and secure mechanisms to protect against content injection attacks, with high compatibility across modern browsers,” Microsoft said.

Content Security Policy (CSP) would easily mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks but according to Scott Helme, a security researcher, the CSP protection technology hasn’t been widely used yet.

“Anything to push CSP is great but it feels like they want to kill the auditor for some reason and this was an excuse to cover them,” Scott explains in a follow up tweet.

About The Author

Mayank Parmar

Mayank Parmar is an entrepreneur who founded Windows Latest. He is the Editor-in-Chief and has written on various topics in his seven years of career, but he is mostly known for his well-researched work on Microsoft's Windows. His articles and research works have been referred to by CNN, Business Insiders, Forbes, Fortune, CBS Interactive, Microsoft and many others over the years.