Sadly, IE8 xss filter is overly aggressive. It actually breaks the ability to use google to search for things like < script >. Try intercepting the responses and removing that tag. If you go to google and search for < script >, the first search will work (its a POST). But if you go up to the URL and hit enter (now creating a GET request), IE 8 will detect an XSS attack.

I did some testing on this and put my results here: link

http://michael-coates.blogspot.com/2009/07/ie-8-anti-xss-bit-overblown.html

-Michael

RE: Memo To Google: Stop Screwing with IE Security!