Simon Willison's Weblog: internet-explorer

2020 Web Milestones

2020-01-24T04:43:16+00:00

2020 Web Milestones

A lot of stuff is happening in 2020! Mike Sherov rounds it up—highlights include the release of Chromium Edge (Microsoft’s Chrome-powered browser for Windows 7+), Web Components supported in every major browser, Deno 1.x, SameSite Cookies turned on by default (which should dramatically reduce CSRF exposure) and Python 2 and Flash EOLs.

Via @mikesherov

Tags: chrome, csrf, flash, internet-explorer, javascript, python, web, deno, samesite

What data structures are used to implement the DOM tree?

2013-02-17T13:31:00+00:00

My answer to What data structures are used to implement the DOM tree? on Quora

You may enjoy this post from Hixie back in 2002 which illustrates how different browsers deal with incorrectly nested HTML. IE6 used to create a tree that wasn't actually a tree! http://ln.hixie.ch/?start=103791...

Tags: chrome, data-structures, firefox, html, internet-explorer, opera, webkit, quora, firefoxos

Quoting Alex Russell

2010-10-11T23:01:00+00:00

Why, for a decade of experience, can we not seem to see the IE 8 zombie coming? It’s not like it’s going to be some big surprise that unless we do something different, we’ll still be supporting it in 2015. That’s right: in 2015, you’ll still be thinking about a browser that doesn’t support canvas or video and doesn’t even have a JITing JS engine.

— Alex Russell

Tags: alex-russell, ie8, internet-explorer, recovered

Internet Explorer Platform Preview Guide for Developers

2010-03-16T18:36:38+00:00

Internet Explorer Platform Preview Guide for Developers

Lots of SVG and CSS3 stuff, no mention of canvas here either though.

Via IE testdrive preview release notes

Tags: canvas, css3, html5, ie9, internet-explorer, microsoft, svg

An Early Look At IE9 for Developers

2010-03-16T18:11:25+00:00

An Early Look At IE9 for Developers

Surprisingly, no mention of SVG or canvas and only a note in passing about HTML 5.

Via Jeffrey Zeldman

Tags: canvas, html5, ie9, internet-explorer, microsoft, svg

Internet Explorer: Global Variables, and Stack Overflows

2010-03-02T09:21:26+00:00

Internet Explorer: Global Variables, and Stack Overflows

An extremely subtle IE bug—if your recursive JavaScript function is attached directly to the window (global) object, IE won’t let you call it recursively more than 12 times.

Tags: bugs, internet-explorer, javascript, recursion

Internet Explorer Cookie Internals (FAQ)

2010-02-26T12:25:24+00:00

Internet Explorer Cookie Internals (FAQ)

Grr... IE 6, 7 and 8 don’t support the max-age cookie argument, forcing you to use an explicit expiry date instead. This appears to affect the cache busting cookie pattern, where you set a cookie to expire in 30 seconds for any user who posts content and use the presence of that cookie to skip caches and/or send their queries to a master instead of slave database. If you have to use expires, users with incorrect system clocks may get inconsistent results. Anyone know of a workaround?

Tags: cachebusting, caching, cookies, internet-explorer

Deep Tracing of Internet Explorer

2009-11-18T08:06:47+00:00

Deep Tracing of Internet Explorer

dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of.

Tags: ajax, debugging, dynatraceajax, internet-explorer, javascript, john-resig

Quoting Microsoft spokesperson

2009-09-24T16:49:14+00:00

Given the security issues with plugins in general and Google Chrome in particular, Google Chrome Frame running as a plugin has doubled the attach area for malware and malicious scripts. This is not a risk we would recommend our friends and families take.

— Microsoft spokesperson

Tags: microsoft, google, chrome, chromeframe, security, plugins, internet-explorer

More technical details about Google Chrome Frame

2009-09-23T22:20:57+00:00

More technical details about Google Chrome Frame

It’s implemented as a Browser Helper Object, uses IE’s cookies, history and password-remembering, includes the WebKit developer tools and appends “chromeframe” to the regular IE user agent string—though not apparently the Chrome Frame version itself.

Tags: bho, chrome, chromeframe, google, internet-explorer

Quoting Charles Miller

2009-09-23T15:08:18+00:00

Ask browser users, and they'll tell you the overwhelming reason why they can't upgrade to a more modern, standards-compliant browser is because their work won't let them. Ask IT departments why this is the case and they'll point to the six- to seven-figure costs of upgrading turn-of-the-century Intranets written to work in, and only in, Internet Explorer 6. Google have provided a way for websites to opt out of IE6 (and even IE7) support without requiring enterprise-wide, Intranet-breaking browser upgrades.

— Charles Miller

Tags: chrome, chromeframe, google, ie6, charles-miller, internet-explorer

Quoting Lars Rasmussen and Adam Schuck

2009-09-23T09:59:08+00:00

In the past, the Google Wave team has spent countless hours solely on improving the experience of running Google Wave in Internet Explorer. We could continue in this fashion, but using Google Chrome Frame instead lets us invest all that engineering time in more features for all our users, without leaving Internet Explorer users behind.

— Lars Rasmussen and Adam Schuck

Tags: lars-rasmussen, adam-schuck, google-wave, chrome, google, wave, chromeframe, internet-explorer

Introducing Google Chrome Frame

2009-09-23T09:57:59+00:00

Introducing Google Chrome Frame

Here’s what Alex Russell has been up to at Google: An IE plugin (for 6, 7 and 8 on all Windows versions) which embeds the Google Chrome rendering engine—sites can then opt-in to using it by including a X-UA-Compatible meta tag. Seems to be aimed at corporate networks which mandate IE for badly written intranet applications—they can roll this out without retraining users to use another browser or breaking their existing in house apps.

Tags: alex-russell, chrome, chromeframe, google, internet-explorer, webkit, xuacompatible

Microsoft backs long life for IE6

2009-08-14T14:53:50+00:00

Microsoft backs long life for IE6

Oh FFS... “The software giant said it would support IE6 until 2014—four years beyond the original deadline.”

Tags: browsers, ffs, ie6, internet-explorer, microsoft

Quoting David Baron

2009-07-08T20:30:27+00:00

Microsoft was slowing development of new versions of Internet Explorer in the hope that Web-based applications would not be able to compete with Windows applications, and Windows applications would keep people locked in to the Windows operating system. Thus XHTML2 was developed with no expectation that the leading Web browser would ever implement it.

— David Baron

Tags: david-baron, xhtml, xhtml2, microsoft, web-standards, internet-explorer

Cross Browser Base64 Encoded Images Embedded in HTML

2009-04-17T16:12:12+00:00

Cross Browser Base64 Encoded Images Embedded in HTML

Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments.

Via HedgerWow

Tags: base64, browsers, hedger-wang, internet-explorer, mime, php

cufon

2009-04-06T22:29:47+00:00

cufon

A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers.

Tags: browsers, canvas, cufon, fontforge, fonts, internet-explorer, javascript, sifr, typography, vml

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

2009-03-19T15:30:36+00:00

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari

You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet.

Tags: browsers, firefox, ie8, internet-explorer, pwn2own, safari, security

Fixing IE by porting Canvas to Flash

2009-03-15T13:34:47+00:00

Fixing IE by porting Canvas to Flash

Implementing canvas using Flash is an obvious step, but personally I’m much more interested in an SVG renderer using Flash that finally brings non-animated SVGs to IE.

Tags: canvas, flash, internet-explorer, svg

Ehy IE8, I Can Has Some Clickjacking Protection?

2009-01-29T13:39:34+00:00

Ehy IE8, I Can Has Some Clickjacking Protection?

IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe.

Via ha.ckers.org

Tags: clickjacking, http, ie8, iframes, internet-explorer, javascript, security

Microsoft: Big Security Hole in All IE Versions

2008-12-16T20:26:53+00:00

Microsoft: Big Security Hole in All IE Versions

Looks like a 0-day that’s being actively exploited.

Tags: 0day, internet-explorer, microsoft, security

Internet explorer mystery #1376

2008-12-03T09:04:17+00:00

Internet explorer mystery #1376

IE executes function definitions inside an “if (0)” block. That frightens me.

Tags: internet-explorer, javascript, ned-batchelder

The March of Access Control

2008-11-19T08:40:34+00:00

The March of Access Control

The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs.

Tags: accesscontrol, browsers, crossdomain, internet-explorer, john-resig, security

On UI Quality (The Little Things): Client-side Image Resizing

2008-11-12T23:00:15+00:00

On UI Quality (The Little Things): Client-side Image Resizing

Two neat tips for cleanly scaling down images in IE 6 and 7 from Flickr’s Scott Schiller.

Tags: flickr, imagescaling, internet-explorer, scott-schiller

Quoting Tom Armitage

2008-09-03T10:19:31+00:00

The greatest coup Microsoft pulled with Internet Explorer was putting the word "Internet" in its name. It sits there, on the desktop of every new Windows computer, and it says "Internet". So you click it. [...] What better way to beat a browser with the word "Internet" in its name - a browser that seemingly can't be beat no matter how hard we try - than the Internet Company itself making a browser?

— Tom Armitage

Tags: microsoft, tom-armitage, google, browsers, chrome, internet-explorer

IE8 Security Part IV: The XSS Filter

2008-07-03T09:37:39+00:00

IE8 Security Part IV: The XSS Filter

IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0).

Via BlueHat

Tags: http, ie8, internet-explorer, microsoft, security, xss, xssfilter

Obscure bugs revisited: IE, HTTPS and plugins

2008-05-30T09:54:05+00:00

Obscure bugs revisited: IE, HTTPS and plugins

Filed for future reference: IE breaks mysteriously if you serve it up plugin content (e.g. Flash) over HTTPS with a no-cache header—it deletes the file from cache before the plugin software gets a chance to open it.

Tags: bugs, caching, flash, https, internet-explorer, plugins, richard-terry

Reading binary files using Ajax

2008-04-22T19:02:02+00:00

Reading binary files using Ajax

There’s a simple trick for Firefox, and (amazingly) you can get IE to play along using a function written in VBScript.

Tags: ajax, binary, firefox, internet-explorer, javascript, vbscript, xmlhttprequest

Flirting with mime types [PDF]

2008-04-14T08:18:17+00:00

Flirting with mime types [PDF]

Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.

Via Billy Rios

Tags: browsers, contenttypes, internet-explorer, security, xss

CSS Compatibility and Internet Explorer

2008-04-02T20:05:28+00:00

CSS Compatibility and Internet Explorer

Official Microsoft guide to which CSS properties are supported by which versions of IE. This is the kind of documentation browser vendors should be providing as a matter of course.

Via Ian Muir

Tags: css, documentation, internet-explorer, microsoft, standards