Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).

From Microsoft Internet Explorer 10 Security Technical Implementation Guide

Part of DTBI129 - Navigating across domains - Restricted

Associated with IA controls: ECSC-1

SV-45281r1_rule Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).

Vulnerability discussion

Frames navigating across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is possible that a website hosting malicious content could use this feature in a manner similar to cross site scripting. This policy setting allows you to manage the opening of sub-frames and access of applications across different domains.

Check content

Fix text

Set the policy value for Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer -> Internet Control Panel -> Security Page -> Restricted Sites Zone -> "Navigate windows and frames across different domains" to "Enabled", and select "Disable" from the drop-down box.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer