I am facing some issue with Javascript injection on IE9 (>Medium-high security). In my application when user wants to add any web page to their bookmarks, they click a link, and it injects a Javascript into that page, this injected javascript grabs all details about page and redirect users to my site.
On IE9, it does not seems to be working with Medium-high security. I suspect this has to do something how IE9 handles cross-site javascript injection. But, was not able to find any relevant information.
Can someone please help or guide me to some related information.
Thanks
You may find this TechNet post useful, especially the row “Allow scripting of Internet Explorer Web browser control”.
Apparently Internet Explorer doesn’t allow scripts to control the web browser except on Medium-Low and Low security levels. Because of this, you won’t be able to redirect the browser unless it’s set to one of those two levels.
Perhaps instead of redirecting them you could add some kind of notification to the DOM and give them a link to your website?