25 items tagged “internet-explorer”
2010
Why, for a decade of experience, can we not seem to see the IE 8 zombie coming? It’s not like it’s going to be some big surprise that unless we do something different, we’ll still be supporting it in 2015. That’s right: in 2015, you’ll still be thinking about a browser that doesn’t support canvas or video and doesn’t even have a JITing JS engine.
Internet Explorer: Global Variables, and Stack Overflows. An extremely subtle IE bug—if your recursive JavaScript function is attached directly to the window (global) object, IE won’t let you call it recursively more than 12 times.
2009
Deep Tracing of Internet Explorer. dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of.
Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments.
2008
Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited.
Internet explorer mystery #1376. IE executes function definitions inside an “if (0)” block. That frightens me.
IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0).
Obscure bugs revisited: IE, HTTPS and plugins. Filed for future reference: IE breaks mysteriously if you serve it up plugin content (e.g. Flash) over HTTPS with a no-cache header—it deletes the file from cache before the plugin software gets a chance to open it.
Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.
We've decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we've posted previously.
— IEBlog
Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag.
Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date.
If Web authors actually use this feature, and if IE doesn't keep losing market share, then eventually this will cause serious problems for IE's competitors — instead of just having to contend with reverse-engineering IE's quirks mode and making the specs compatible with IE's standards mode, the other browser vendors are going to have to reverse engineer every major IE browser version, and end up implementing these same bug modes themselves.
No matter what great leaps forward the Internet Explorer team make from now on, the majority of developers won’t use them and the majority of users won’t see them. By doing this the Internet Explorer team may have created their own backwater, shot themselves in the foot and left themselves for dead.
The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.”
Like DOCTYPE switching did in 2000, version targeting negates the vendor argument that existing behaviors can't be changed for fear of breaking web sites. If IE8 botches its implementation of some CSS property or DOM method, the mistake can be fixed in IE9 without breaking sites developed in the IE8 era. This actually makes browser vendors more susceptible to pressure to fix their bugs, and less fearful of doing so.
Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion.
2007
DebugBar. Suggested at BarCamp London 3 as a useful tool for developing with IE; apparently includes a great JavaScript debugger.
Global namespace pollution in IE. Another reason to avoid JavaScript global variables like the plague: IE creates a bunch of them for you which may well intefere with your own code.
Seeking market share, Microsoft removes WGA anti-piracy check from IE7. Hopefully this will accelerate the rise of IE7 over IE6.
Fixing GC issues on IE 6: New IE download. Microsoft have released Windows Script Host / Script Runtime version 5.7, which apparently cleans up a bunch of IE 6 memory leaks.
Operation Aborted. Another fantastically obscure IE bug: appending new elements to the HEAD element breaks if a BASE tag is present.
Background Iframe (bgiframe). jQuery plugin that inserts an iframe shim behind an element in IE, allowing the element to be positioned overlapping a select box without the select box showing through.
Brendan Eich: New Projects. Exciting new projects from Mozilla. ActionMonkey is joined by IronMonkey (IronPython/IronRuby on Tamarin) and ScreamingMonkey (Tamarin for IE). Upgrading IE’s JavaScript using the Flash Player as a vector is a game-changing idea.
JavaScript Minifier that doesn’t break code (via) Perl re-implementation of Douglas Crockford’s classic JSMin that doesn’t clobber IE’s conditional comments, by Peter Michaux.