I have recently come across a site for work that requires the GPO in IE, "Turn off Cross Document Messaging," be disabled in order to work.
I have contacted the site and was told that they have recently implemented alternate domains to help mitigate the risk of SQL injections and website hijacking, but doing so requires "Turn off Cross Document Messaging" be disabled in IE in order for the page to work properly.
I would like to know what the security risks or implications of disabling this policy are.
Thanks for your help.