Looks like the Anti-XSS feature causes problems with URLs containing some characters such as <, (single quote) or " (double quotes). Whats happening?
If you’re following a link contained in an not trusted page and leading to a trusted page,, this behaviour is expected by design. The reason is that those characters can be used to inject malicious code in the destination page, and since the source site is not trusted, “extreme” measures are taken by default. Possible work-arounds are: • Removing the target site from your whitelist. This is usually the best and safest option, unless the target site absolutely mandates JavaScript, and is also the wisest choice especially for sites containing user-generated content, e.g. message boards or Wikipedia, because it prevents persistent XSS (also known as “Type 2”). • Clicking the “Options” button and choosing the XSS|Unsafe Reload command from the contextual menu, in order to replay the suspicious request skipping sanitization. • (Temporarily) adding the source site to your whitelist. Of course, you should do this only if you (temporarily) trust it, and is considerably less safe than #1 and #2
