Comment Re:IE8 is *not* vulnerable (Score 1) 83
That doesn't make sense:
1. Google serves all ads within Google.com from that same domain. No cross-site scripting anywhere, so nothing for the XSS filter to block.
2. For external sites (AdSense), disabling the XSS filter on Google.com won't help either: the external site would have to disable it. Otherwise anyone could just disable the XSS filter on their own domain and hack away on other sites.