Cross-site scripting attacks are a leading online threat. Their aim is to exploit vulnerabilities in the websites you visit. How do they work? By compromising legitimate websites with malicious content that can capture keystrokes and record your login information and password. If your login information and password is captured, your personal data could be compromised.
Internet Explorer 9 includes a cross-site scripting (XSS) filter that can detect these types of attacks. If vulnerabilities are found, Internet Explorer disables the harmful scripts. The cross-site scripting filter is turned on by default to help protect you.