25 items tagged “ie8”
2010
Why, for a decade of experience, can we not seem to see the IE 8 zombie coming? It’s not like it’s going to be some big surprise that unless we do something different, we’ll still be supporting it in 2015. That’s right: in 2015, you’ll still be thinking about a browser that doesn’t support canvas or video and doesn’t even have a JITing JS engine.
2009
Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea.
Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet.
Ehy IE8, I Can Has Some Clickjacking Protection? (via) IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe.
2008
IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0).
Google’s excanvas only works in quirks mode for IE8. IE8 in act-as-IE8 mode disables VML but doesn’t implement canvas, so there’s currently no 2D drawing method for that browser. UPDATE: The problem is Google’s excanvas library, not IE8 disabling VML; see comments.
IE8 speeds things up. Steve Souders notes that IE8 downloads script files in parallel before executing them sequentially, giving it a significant speed boost over other browsers that download sequentially.
JavaScript in Internet Explorer 8. John Resig’s analysis. News to me: IE 8 doesn’t support the W3C event model—I had assumed that would be a priority.
Internet Explorer 8 Readiness Toolkit. The new built-in development tools look similar enough to Firebug to make me very happy. Also of interest: Selectors API (for fast getElementsBySelector), CSS 2.1 support, support for XHTML style namespaces in HTML, an interesting Web Slices feature based on the hAtom microformat and 6 connections per host (up from 2) which should make Comet easier.
Table-Based Layout Is The Next Big Thing. Kevin Yank points out that the inclusion of display:table in IE 8 will finally open up a powerful tool for creating CSS layouts that has so far been mostly ignored.
Principles and Legality. Eric Meyer notes that language about legality in Microsoft’s recent IE announcement suggests that Opera’s much criticised EU threat may have helped positively influence the result.
We've decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we've posted previously.
— IEBlog
Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag.
Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date.
If Web authors actually use this feature, and if IE doesn't keep losing market share, then eventually this will cause serious problems for IE's competitors — instead of just having to contend with reverse-engineering IE's quirks mode and making the specs compatible with IE's standards mode, the other browser vendors are going to have to reverse engineer every major IE browser version, and end up implementing these same bug modes themselves.
HTML 5 published as W3C First Public Working Draft! A significant step, almost completely overlooked in the hubbub over IE8.
No matter what great leaps forward the Internet Explorer team make from now on, the majority of developers won’t use them and the majority of users won’t see them. By doing this the Internet Explorer team may have created their own backwater, shot themselves in the foot and left themselves for dead.
<META HTTP-EQUIV="X-BALL-CHAIN">. Mozilla hacker Robert O’Callahan discusses the technical implications of freezing copies of older rendering engines, including the increased footprint and the terrifying prospect of documents in different rendering modes communicating through iframes and the DOM.
Broken. Jeremy highlights the fly in the ointment: if you want IE 8 to behave like IE 8 (and not pretend to be IE 7), you HAVE to include the X-UA-Compatible header.
The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.”
Like DOCTYPE switching did in 2000, version targeting negates the vendor argument that existing behaviors can't be changed for fear of breaking web sites. If IE8 botches its implementation of some CSS property or DOM method, the mistake can be fixed in IE9 without breaking sites developed in the IE8 era. This actually makes browser vendors more susceptible to pressure to fix their bugs, and less fearful of doing so.
Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion.
IE7.js version 2.0 (beta). Dean Edwards has updated IE7, shifting enhancements that weren’t fixed by the real IE7 in to a new script called IE8. You can also now hotlink the library directly from Google’s servers, though I don’t know how intended Google Code’s subversion repository is for that purpose.
2007
IE8 Passes Acid2 Test. This is huge. As Kevin Yank points out, this means IE8 includes proper support for the object tag, CSS table layout properties and generated content.
Conversation with Bill Gates about IE8 and Microsoft Transparency. Molly asks the tough questions about IE8—it looks like there should be a lot of IE8 material at MIX08 next year.