Internet Explorer 11 XSS Filter Issue - ‘Hanging’

A bug in Internet Explorer 11 may cause ‘hanging’ - Internet Explorer will ‘freeze’ and be unable to display the requested information. This relates to a problem with Internet Explorer 11’s Cross-Site Scripting (XSS) filter and compatibility settings and only occurs if you use Original WebX to access a ClearSCADA server:

• Over the Internet
• Over an Intranet connection where:
  • a node name is used in the URL

  and:

  • the security settings for the Local Intranet zone have been modified so that the XSS filter is enabled.
• By using an IP address to reference the ClearSCADA server (rather than a node name).
  

Typically, the ‘hanging’ occurs when displaying Query lists (including Events Lists) that have complex filters. For example, if you use Original WebX to display an Events List that has multiple WHERE, AND, OR filters specified in its query, Internet Explorer may ‘hang’. A common situation in which this can occur is when the Display Events action is selected for an object on a Mimic.

'Hanging' can also occur when trying to access a 'custom' Ad Hoc Trend, for example via a hyperlink on a Mimic. (A 'custom' Ad Hoc Trend is a Trend that has been defined using TrendSpec, ClearSCADA's specification language.)

There are two simple and effective work arounds that will allow you to display filtered query lists and Ad Hoc Trends in Original WebX.

Either:

• Run Original WebX in Compatibility View. With websites that contain incompatible content, an additional icon appears in the address bar in Internet Explorer. Select the icon to run Original WebX in Compatibility View. (Alternatively, use the browser's Tools menu to turn Compatibility View on or off, or to add the website to the list of sites that you want the browser to display in Compatibility View.)

Or:

• Add the connection to the server to the list of Trusted Sites and then disable the XSS Filter setting.

  To add an Original WebX to ClearSCADA server connection to your Trusted Sites:

  1. Using an Original WebX client, log on to the ClearSCADA server you want to access. You will need to use a User Name and Password that is valid for a ClearSCADA User account (and that User account has to have the appropriate permissions to access the server).
  2. Once you have logged on to the server, select Tools>Internet Options to display the IE11 Internet Options dialog box.
  3. Select the Security tab.
  4. Select the Trusted Sites icon.
  5. Select the Sites button to display the Trusted Sites dialog box.

     The URL of the Original WebX connection to the server should be shown in the Add this website to the zone field.

  6. Add the URL to the list of Trusted Sites:
     • If you use secure URLs (https:), select the Add button. The connection to the ClearSCADA server is now added to your list of Trusted Sites and will be unaffected by the XSS filter issue.
     • If you use non-secure URLs (http:), you should clear the Require server verification (https:) for all sites in this zone check box. This allows you to add non-secure sites to the Trusted Zone. Then select the Add button to add the connection to the ClearSCADA server to your list of Trusted Sites.
  7. On the Security tab, select the Trusted Sites icon and then select the Custom Level button. This displays the Security Settings dialog box.
  8. Scroll down to the Enable XSS Filter setting.
  9. Select Disable for the Enable XSS Filter setting.
  10. Select the OK button.
  11. On the Internet Options dialog box, select the Close button.
  12. Repeat this process on each Original WebX client.

  Alternatively, you could access the Custom Level settings for the Internet zone and disable the Enable XSS Filter setting. However, this would apply to all connections over the Internet, not just those to a ClearSCADA server. For this reason, we recommend that you use the Trusted Sites work around as described above.