2004/7
We’ve heard loud and clear that many people want a better connection with the IE Team. We’re happy to do something about it. Our goal in this blog is to be a good place, direct from the source, for information about IE. What are we working on? How do we make decisions? Why does some part of IE work the way it does? What keeps us up late at night? What are we thinking of around security, extensibility, and other key areas? Hey, any good tips and tricks? Some people on the team have already been doing...
I hopefully got your attention with the title of my first post. And it is definitely true for me, as I have loved browsing the web since I started way back in the mid 90s, and I really love browsing with IE. Yet, you may ask who I am or who we are that will be posting on this blog. I am Scott Stearns, the test manager for the Microsoft Internet Explorer team (as Dean says we will be pulling together full bios of people later). The IE team as we usually say. Some of us have our individual blogs today...
Now that we have the team blog going I thought it'd be useful to share a few of what we see as essential resources. You'll see links to these at the side of this page as well and I'm sure we'll add more links over time. You can find my own blog at http://blogs.msdn.com/dmassy Thanks -Dave Massy Internet Explorer Program Management team Useful Resources There are lots of useful resources for Internet Explorer that we’d like to point out to you in case you are not familiar with them. Blogs - There...
I am glad to see what got lots of feedback and discussion around our posts from yesterday. I am still digging through all the comments from yesterday and today, but I did notice some profanity. As people get more engaged with IEBlog, we want to set down some guidelines on how we are going handle comments in general. Our primary goal is for this to be a place for open discussion about IE, so we don’t want to have lots of overhead and process. Things we want to see in comments: Lots of good interesting...
I will paraphrase Jeff Davis , a developer on the IE team, when it comes to setting parameters for what we will and will not talk about IEBlog.
We will happily post and discuss issues around what features should be in IE, how features work in IE, the importance of application compatibility in IE, tips and tricks in IE, answers to technical issues, security and extensibility in IE, web browsing in general, and what keeps us up at night.
For better or worse, there are some things we are just...
Thanks for the overwhelming amount of feedback and discussion. After work yesterday, I spent some of my time reading through the comments to my post (instead of reading the 9/11 Commission report). It looks the comments have grown some since I pulled this together last night. Here is my basic breakdown of what I am seeing in the response to my post. I list them in no particular order; most are improvement requests while some are data points. I have to say my favorite is the comparison of IE to Courtney...
Great to get a link from Mr Scoble on the IEBlog. For people who are interested in applying for employment at Microsoft here’s a link . There is also the jobsblog , which talks about the different possible career paths at Microsoft. The IE team is a great place to work with lots of smart friendly people. Scott
Here is a tip to make your IE favorites more powerful. You can make the name of favorites keywords that if typed in the address bar will launch the favorite. For example, say you like to go to your favorite web email site a lot, but you don’t want to make it your home page. Simply add a favorite that takes you to the web email site in the main favorites folder (this won’t work if you put it in a subfolder). Then rename the favorite to something easy to type. For example, I go to http://www.hotmail...
My name is John, and I work on the Internet Explorer team. It's a little hard to explain my actual function on the team, but my current official title is "Development Manager". I'm also something of an adrenaline junkie. I'm big into back country and park/pipe snow boarding , semi-closed circuit rebreather and mixed gas diving , hiking and climbing up and around Mount Rainer , and spelunking into Internet Explorer code and architecture (I’m not sure which of my passions is most challenging). Frankly...
There’s a new security update for IE available. You can find the security bulletin here http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx and the Knowledge Base article here http://support.microsoft.com/default.aspx?kbid=867801 Candidly, I’d like to write in depth about the vulnerability, different approaches we thought of in defending against it and the compatibility issues (site and application) that each approach entailed, and how we chose the one that we released. The main reason...
2004/8
Hi, I’m Tony Chor, the Group Program Manager for the Internet Explorer team. As you may know, we’ve been working hard on IE for Windows XP Service Pack 2, and we signed off on it last week. You can get a very detailed description of the changes on MSDN. (This is lovingly referred to internally as the Book of Springboard – Springboard was the codename for XP SP2.) However, I thought I’d give a high level description of the kinds of changes we made and why. First, as with any project, we set our goals...
Channel 9 has just released a video where Dean discusses the exciting challenge of leading the Internet Explorer team. It’s well worth watching this and all the other videos on Channel 9 which often give an understanding into the motivation behind the projects we undertake. For those of you who aren’t aware, Channel 9 was established by five guys at Microsoft to allow you to get an insight into Microsoft and as a forum for discussion. If you aren’t a member then join up, it does require an email...
The comments system for blogs.msdn.com was recently upgraded and the default was changed to block automatic posting of comments. I have changed it back, which means all comments should show up without having to be published and I also published any comments that were pending. Scott
As we’ve been posting we’ve been mentioning our titles, but we haven’t really explained what those titles mean or what we do on the IE team, so I thought I’d explain. Like many Microsoft product teams, there are three primary job functions that are dedicated to IE: Development, Test, and Program Management. In addition to these roles, we have key members of our virtual team who are shared with other parts of the Windows organization; these are jobs like SDK Writer, Localizer, Designer, Product Manager...
As we recently shipped security update MS04-025, I thought it would be good to talk about the testing coverage that we do for each security update. Testing is about risk management, and we have to make judgments about where to invest heavily in testing and where to invest less in testing to achieve the highest quality IE when we release. Code change is one main driver of this (test where the code is changing), but another important part of the process is to understand the larger landscape of what...
My name is Bruce Morgan, and I am another one of the development managers on the IE team. I manage the developers who work on the User Experience of IE – the UI and related infrastructure. I spend most of my time focused on the features “outside the rectangle” of the page the user is browsing, such as Favorites, History, the “Internet Options” dialog, and the like. Essentially, John is focused on security and platform issues, Dave is on web developer issues, and I’m all about the end-user feature...
I have noticed going through the comments for our entries, that some people have started posting comments that are specific asks for help with IE issues. This blog is not focused on being a support forum, but we will try to help people as we can. If you are looking for more expedient and focused help please see the Microsoft Internet Explorer Support page - http://www.microsoft.com/windows/ie/support/default.mspx . Also please use the Contact link ( http://blogs.msdn.com/ie/contact.aspx ) as mechanism...
There have been some questions about how pop-up blocking works in XPSP2 in the comments. Jeff Davis , one of the IE developers who worked on this feature in XPSP2, has put together a post ( http://blogs.msdn.com/jeffdav/archive/2004/08/25/220737.aspx ) that gives more details on what we consider a user initiated click. If you want to get better sense for how it works, please take a read through his latest entry - mouseDown + mouseUp = click . Thanks. Scott
We’ve just launched a new Community site for Internet Explorer to help support end users. This is linked from the main Internet Explorer page on www.microsoft.com . It includes links to other Internet Explorer sites, downloads and hints and tips. This site is focused on providing resources to end users but we also have sites with information for other parts of the wide audience for Internet Explorer: Resources for developers at the Internet Explorer Developers Center on MSDN Resources for the IT...
2004/9
US-CERT published an advisory on XPSP2 the other day. Main statement – “Microsoft Windows XP Service Pack 2 (SP2) significantly improves your computer's defenses against attacks and vulnerabilities.” They specifically talked about IE changes, including local machine zone lockdown. Full advisory is at http://www.us-cert.gov/cas/alerts/SA04-243A.html . Thanks. Scott
Hi, I’m Christopher Vaughan, and I’m the lead project manager for the Internet Explorer team. I’ve worked on IE on and off since the IE 3.0 days, and have been involved in every major Windows release since Windows 95. I work with Dean, Scott, Tony, Dave, and the others who have or will be posting here to make sure that the IE team is working on the right things and at the right times. I wanted to drop a quick note to make sure people knew about an update to our user agent string in Windows XP Service...
Hi, I’m Gary Schare and I run the product management team for IE. This includes defining and communicating the IE value proposition for all customer segments and helping the product team with long-term product strategy. I posted a comment last week about Windows Marketplace on the Community Site entry and wanted to follow up with more info. Windows Marketplace went live this week and contains an entire section devoted to browser add-ons. This section comes directly from Download.com so all add-ons...
With XPSP2 out the door, we’re turning our attention to bringing our latest security enhancements to upcoming Windows releases. Next up: Windows Server 2003 SP1 and Windows XP 64-bit edition v2003, which are both currently in Beta. Both these platforms will receive the same treatment as XPSP2 did for IE: they’ll get all our security improvements, the pop-up blocker, the information bar, etc. See Tony’s blog entry about IE in XPSP2 for more info & links about the changes we made in XPSP2. Customers...
In earlier posts, Christopher mentioned that for Windows XP SP2 and Windows Server 2003 SP1 the UA string was getting a new ‘SV1’ decorator. This has stirred up a flurry of questions and comments about our reasoning behind this decision. Why did we add ‘SV1’ instead of update the IE version number? Well, we know from past experience that changing the version number can have a huge impact on site and application compatibility. We felt that since IE for XPSP2 and WS03SP1 does not have significant changes...
If you’re a developer hosting the WebBrowser control, you’ll want to read Compatibility in Internet Explorer 6 for Windows XP Service Pack 2 . This article has details about changes such as: Local Machine Zone Lockdown Object Caching MIME Handling MIME Sniffing Network Protocol Lockdown Window Restrictions File Download Restrictions ActiveX Restrictions Pop-up Blocker Zone Elevation Blocks Binary Behaviors If you’re a website developer, then check out Fine-Tune Your Web Site for Windows XP Service...
2004/10
So this is my first post on this blog, my name is Phil Nachreiner, I’m a developer on the IE team. I’ll post more about myself in another time, but I’d like to talk briefly about opting into the security features we added in XPSP2. For example, we’ve made it extremely easy to opt existing applications that use the WebBrowser Control into the XPSP2 Information Bar without having to recompile the application. In the registry under the key: HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl...
Like any piece of software I have worked on, I have intense affection for the resultant software we ship (warts and all). However, there are usually a number of things you wish you had had more time to make better and every time you run across it in the product it drives you crazy. One thing that bothers me with IE in XPSP2 is the amount of hoops you need to click through to set Google or some other search engine as your autosearch provider. A quick way to set Google is to use the reg file up on...
Earlier this week we released the latest security update for IE, MS04-038 . We’ve been working on this since XPSP2 shipped, and it’s nice to see it made available to customers on Windows Update . This update addresses, among other issues, the drag & drop vulnerability that’s been in the news & security circles lately. This is also the first IE update to use the our latest installation technology , so corporations who deploy Microsoft products and updates will have a more uniform experience...
We’ve had more than a few comments suggesting that IE works too hard at backwards compatibility, and we cater to those people who “don’t code their pages correctly”, or people who otherwise “didn’t do things the right way”. These comments frequently go on to suggest that we (the IE team) should use our market position to “force people to fix their broken stuff”. I’d like to explain why we so adamantly disagree with that position, and why we work so hard at backwards compatibility. We feel it is vitally...
Slashdot picked up a story from Bugtraq entitled Web browsers - a mini-farce in which Michael Zalewski talks about feeding a variety of browsers a healthy dose of bad content over 2 hours and seeing what happened. The story also includes pointers to the tools he used for hammering the browsers. Here is a bit of his report: 6) Pointless rants It appears that the overall quality of code, and more importantly, the amount of QA, on various browsers touted as "secure", is not up to par with MSIE; the...
I thought I’d take a couple minutes to talk about Script Debugging and Internet Explorer. Script debugging is turned off by default you can enable it by going to: Tools->Internet Options…->Advanced->Disable Script Debugging Prior to XPSP2 the above will turn script debugging on for all applications that host the WebBrowser control (Outlook for example). On XPSP2 we’ve split the option into two: Tools->Internet Options…->Advanced->Disable Script Debugging (Internet Explorer) Tools...
I got an email thread the other day that started out with the question of how to add a trusted site into "LocalSystem"'s IE setting via command line or script (which is good question, but more on that later). As part of this thread it also talked about a power toy called Tweakomatic. Named to follow along in the great TweakUI power toy tradition, Tweakomatic is a tool for setting and configuring Windows and IE Settings. There are other ways to manipulate IE settings like group policy, but for a quick...
Congratulations to the Boston Red Sox, the 2004 World Series Champions! It is amazing to think that they not only won the World Series for the first time since 1918, but they did it in extraordinary fashion, winning 8 straight games against two of the best teams in baseball. Before I started working with a VIC-20 or a Commodore 64, I was a baseball fanatic. I grew up in New England (Vermont to be exact) living and dying with the fate of the Red Sox. I was fortunate enough to see them play a number...
2005/1
Microsoft released several security updates today – MS05-001, MS05-002 and MS05-003. MS05-001 has a fix for a remote code execution issue affecting the HTML Help Control. MS05-002 contains a fix for the “X-Focus” issues. MS05-003 has a fix for a remote code execution issue with Indexing Services The first two are rated “critical” and the third is “important”. MS05-001 is the most critical to reducing IE-based attack vectors. The HTML Help Control team updated the version of their control that fixes...
On Thursday Jan 13th at 10:00AM PST we’ll be holding our regular monthly Internet Explorer chat with team members. See http://www.microsoft.com/WindowsXP/expertzone/chats/default.mspx for details. The focus of this chat will be currently supported versions of Internet Explorer and is an opportunity to interact with members of the product team getting assistance and giving feedback. We will not be discussing any planned features or schedule for future versions during this chat, you can rest assured...
With the delivery of RC 1 of Windows Server 2003 & Windows x64 Client last month, we shipped not one but two browsers with the OS: a 32- and 64-bit version of IE6 for Windows Server 2003 SP1/x64. We had to make a choice with the 64-bit client as to which browser, the 32-bit or 64-bit, would be the default. Compatibility, performance, and interoperability all played a part in our decision, but ultimately our decision was swayed by the lack of 64-bit native controls. We found that in our own every...
My name is John Hrvatin and I’m the Program Manager for Internet Explorer setup. That includes installers for security updates as well as integrating IE into Windows setup for future releases. In the past, IE has used IExpress as its installer. With the release of security update MS04-038 in October 2004, however, IE has begun using the Windows Package Installer, or “update.exe”, for all IE security updates and hot fixes on the following platforms: • Windows 2000 (all service pack levels) • Windows...
On the Internet Explorer Community site there’s a new article covering personalising your browser by one of our Internet Explorer MVPs. There are some great tips there that the novice user might find very useful. This is part of a series of articles on the community site and I’d particularly call attention to the article Help Protect Yourself from Online Crime that has great advice whatever browser you use. Feedback and ideas for articles are appreciated. Thanks -Dave
There is now a new forum for discussions related to IE security: microsoft.public.internetexplorer.security Here’s the initial posting: Welcome Everyone, This newsgroup is dedicated to the discussion of Internet Explorer security issues. Questions/comments about browser security features, security updates, and IE security best practice are all topics for discussion here. To report a specific vulnerability in a Microsoft product, please contact secure@microsoft.com or visit: https://s.microsoft.com...
Greetings. My name is Mike Friedman. I’m on the Internet Explorer Security Test Team. In IE, the different areas of the Web are partitioned into a set of security zones. The topic I would like to talk about is programmatically adding sites to those zones. Zones were introduced in IE4 as a way to give users and admins more control, to strike a balance between user experience and gradations of risk. If you have a high degree of trust in a site, placing it in a lower-security zone can reduce the number...
We’ve just published an MSDN article on a tool called Fiddler . As the article explains it is very useful for http debugging and was written by Eric Lawrence one of the Program Managers on the IE team. Thanks -Dave
2005/2
This being my first post on the IE blog, I should introduce myself quickly. My name is Vishu Gupta; I am a developer on the IE team. There have been several posts in the recent past asking for more information on how does Internet Explorer sniff the content-type of a downloaded file. The whole thing looks totally inconsistent or should I say...non-compliant! Before reaching any conclusions here, let’s dig just a little bit deeper. During XPSP2, we gave a real hard look at the IE's content-type handling...
Part 1 of Security Issues That Aren't gave rise to a lot of interesting comments. Hearing back from you is really helpful in terms of understanding what issues folks are dealing with and where we need to focus our attention. To those of you who suggested I should worry more about security issues that are instead of those that aren’t : I do! That’s exactly why I chose the subject: The fewer non-security reports I need to investigate, the more time I can spend on more severe problems. So bear with...
Yesterday’s security updates for February 2005 include two critical updates relating to Internet Explorer: MS05-013 – has a fix for an issue with the DHTML edit control (CAN-2004-1319) MS05-014 - Cumulative Security Update for Internet Explorer These are both rated “critical” and affect all supported IE configurations from IE5.01 to IE6 for XPSP2. In addition, there is a third update to mention - MS05-008 - which contains a fix for a drag-and-drop vulnerability in the Windows shell code. You need...
A comment from Dave P on this blog touched on the interesting aspect of table rendering. Dave said “ IE renders pages differently from, say firefox. One of the noticeable differences is that IE waits for the entire page before displaying it. “ Actually this is not true and you can se from going to many pages that Internet Explorer does support progressive rendering of content as it arrives. This is true however for table rendering. When Internet Explorer encounters a table it measures all the content...
Today at RSA, Bill Gates talked about Internet Explorer 7. As the guy responsible for IE, I wanted to say a couple of things about it. First, some basics: we’re committing to deliver a new version of Internet Explorer for Windows XP customers. Betas of IE7 will be available this summer. This new release will build on the work we did in Windows XP SP2 and (among other things) go further to defend users from phishing as well as deceptive or malicious software. Why? Because we listened to customers...
My job is focused on receiving feedback from customers and there’s plenty of it. Feedback comes from a great many sources including corporate customers, product support teams, critical problem resolution teams, newsgroups, blogs, ISVs, web developers, colleagues, friends and family. One of the challenges of working on what is arguably the most used piece of software in the world is that there is such a broad array of customers with many different requirements. There are three broad categories of...
Wow, there are a lot of comments. I wanted to recap the main themes I read in the comments and use them as a roadmap for the topics that we will post about over the next few weeks. What have you guys been doing since IE6? What makes IE7 on Win2K so hard anyway? Standards, standards, standards… say something! What’s in IE7, or at least when can we find out? Don’t you understand that your product is fundamentally not secure because of (blank) and you should rip (blank) out? (I want to call out a comment...
Before I answer this, I want to acknowledge that we have a problem if people are asking this question. Listing what we’ve done or our priorities will help but won’t address the problem. Responding to specific questions with a great product and great documentation (for developers, for IT professionals, for deployment specialists, and for other customers as well), and doing that consistently for as long as we’ve been quiet about IE will help more. So, what happened after Microsoft released IE6? Mostly...
We’ve seen lots of questions about the IE7 announcement. Many of these we are not ready to answer and discuss at this time but there are two things that I can offer clarification on. Platforms. We currently plan to make IE7 available for Windows XP SP2 and later. This will therefore include availability not only for the 32bit version of Windows XP SP2 but also for Windows XP Professional x64 Edition and Windows Server 2003 SP1 both of which are due to be released soon. As Dean commented in his original...
2005/3
We received some good questions about how the JScript engine works in IE. What version of JScript is supported? The version of JScript included with IE6 is EcmaScript edition 3 compliant. I’ve seen some confusion recently with some even claiming that we do not support EcmaScript. In fact JScript, JavaScript and EcmaScript are all basically the same language with a different name. At one time Netscape used the name LiveScript before adopting the name JavaScript even though it was not related to Java...
I haven’t tried the Netscape beta yet, but I have read that it allows users to switch between the Gecko rendering engine (the one used in Firefox) and Internet Explorer’s rendering engine. I think this a good opportunity to write about the Windows Web Browsing Platform (the IE Platform) and its counterpart, the IE Browser. The Browser is easy to explain. It’s the blue e . It’s a nice presentation (with toolbars, a Favorites menu, etc.) of the IE Platform. The Browser is meant for end-users; the Platform...
Since this is my first post on the IE Blog, I wanted to introduce myself. My name is Kelly Ford and I’m part of the test team responsible for testing the user experience in IE. I also head up our accessibility testing efforts. Today I wanted to talk about three aspects of accessibility as they relate to IE and Windows in general. First is access to the Windows OS for individuals with disabilities, second are a couple of hints for users of screen readers using IE in XPSP2 and finally is a request...
With the Local Machine Zone Lockdown introduced in Windows XP SP2 an HTML file on your hard drive will no longer be able to run script and active content without user permissions being granted through the information bar and an additional prompt. This is part of the work to ensure that if you do get bad content on your machine it cannot run with elevated privileges and do nefarious things. Users should exercise caution whenever the information bar appears and be sure that this is really content they...
First of all, I’d like to introduce myself. My name is Chris Wilson; I’m the lead program manager for the web platform in IE. (I am NOT Chris Wilson the drummer for Good Charlotte. :^) ) I joined the IE team shortly before we shipped IE 2.0 in 1995, and worked in various releases for every major release from then until IE 6.0’s release in 2001. After IE 6.0 shipped, I worked on the Avalon project until I decided to rejoin the IE team four months ago. During my tenure on the IE team, I’ve frequently...
As a little kid, my dad read with me a lot; we usually read detective stories. While of questionable literary merit, those books developed in me a burning desire to figure stuff out, to pull back the curtain, to understand the mysterious. I still maintain that curiosity today-- I joined the IE team because I wanted to learn the browser inside out, and I developed Microsoft Fiddler to expose the secrets of HTTP in a user-friendly way. I recently came across a bug in the bug database for IE7 which...
My name is Tariq Sharif and I am a program manager in the IE security and networking team. I joined IE team shortly after Windows XP Service Pack 2 was released. Windows XP Service Pack 2 introduced many new security features for Internet Explorer, which can cause compatibility issues for some web applications and sites. In order to help solve such issues I am pleased to announce that the Internet Explorer Compatibility Evaluator (IECE) is now available. IECE is released as part of Microsoft Application...
With so many customers relying on IE, it helps to get a solid grasp of the Windows Lifecycle Policy , which at first blush can appear to be a bit cryptic. Fortunately I think I can shed some light on Microsoft’s policy with these simple rules: We support the version of IE that shipped with an OS or Service Pack for as long as the OS or Service Pack is supported We support the latest standalone version of IE (that’d be IE 6 SP1) on every OS that’s still supported (unless superseded by a newer version...
2005/4
Our documentation team has just completed updating our documentation covering how administrators and developers can control certain features. This includes the following articles:
About Zone Elevation
Introduction to Feature Controls
About URL Security Zone Templates
These documents are useful in understanding the security work undertaken in Windows XP SP2 and how it affects development. If you have any comments on this or any of our documentation on MSDN we’d appreciate the feedback...
From time to time, I've heard the question: "Why can IE only download two files from the same site simultaneously?"
Some more savvy users observe that this limitation probably makes sense in dialup cases where bandwidth is constrained or when lots of small files are being downloaded, since the TCP/IP slow start algorithm comes into play.
But for those of us lucky enough to be on broadband, this limitation can be annoying. If I want to download a large number of large files, I have to sit around...
Hello. My name is Al Billings and I'm a test engineer on the Internet Explorer test team posting to the IE Blog for the first time.
I want to announce that the April 2005 security updates are available and that a critical update for Internet Explorer is included:
MS05-020 – Cumulative Security Update for Internet Explorer (890923)
This contains fixes for the following vulnerabilities:
DHTML Object Memory Corruption Vulnerability ( CAN-2005-0553 )
URL Parsing Memory Corruption...
Jeremy Mazner just posted news on his blog that there is a position opening for a technical evangelist focusing on IE. That’s great news! Working either on or with the IE team is definitely a great experience.
Thanks -Dave
Quite a bit has been written about the Secure Sockets Layer (SSL) protocol and its successor Transport Layer Security (TLS), so I won't cover the protocols in detail here. The following are good references if you want to get a quick refresher.
Microsoft KB article describing the SSL Handshake
Wikipedia Overview of TLS
Happily, a majority of web users now know to look for the lock icon and the HTTPS in the address line to identify when their connection is secure. Unfortunately, relatively...
We’ve heard some great feedback on what web developers would like to see in IE7, both from the responses to my last post and from the resources I referred to. The rest of the team was cranking away while I was away on parental leave, and I wanted to share a few details about what they were doing: The first couple of things they’ve done are:
Support the alpha channel in PNG images. We’ve actually had this on our radar for a long time, and have had it supported in the code for a while now. We...
My name is Sam Fortiner and I’m a developer on the Internet Explorer team here at Microsoft. I joined the company about a year ago when I was given the opportunity to work on IE. Since then I’ve worked on several aspects of IE and recently settled down into the layout and display team. As part of my work in this team, I implemented support for per-pixel alpha in PNGs.
Support for per-pixel alpha in PNGs in IE, or transparent PNGs as I’ll refer to them going forward, has been called many things...
Internet Explorer 7 Beta 1 is fast approaching. A tiny but significant code change was checked in this week: Internet Explorer's new User-Agent string.
The User-Agent (or UA) string is sent along in the headers of every HTTP request so the server knows what type of browser is making the request. For a quick introduction on handling of the User-Agent string, check out George Shephard's article in MSDN Magazine.
Internet Explorer 7 User-Agent
As we updated the User-Agent, we considered application...
2005/5
I've received enough questions in email from different people about a recent vulnerability in another browser that I wanted to post something here.
I think the best place for the facts is with the people responsible for the browser. I say this based on the number of articles I read that misrepresent issues in Windows and IE.
I also think that security is an industry-wide problem. It's not limited or unique to operating systems or applications, or client or server software. It's not limited...
Hi my name is Markus Mielke and I am a Program Manager working with Chris Wilson on CSS and platform support. Today, I would like to talk about DOM Inspectors for IE.
For analyzing web pages and drilling down into problems on a page it becomes more and more important to have a DOM Inspector handy. Not a full fledged debugger but something quick that allows a user to explore their HTML document and understand everything going on with a specific element. For example, a window will display a tree...
Yes, IE7 has tabs.
In general, I think tabs are a great idea. I liked them a lot in Office dialogs and in Excel in the early 90's. (I used to work on Office, and I admit we almost added tabs to Word at one point.) I like them in Visual Studio. I think, as an industry, we have a ways to go in refining the experience, consistency, and value of tabs.
The main goal for tabs in our beta release is to make sure our implementation delivers on compatibility and security. The variety of IE configurations...
We’ve just confirmed an issue that has started to be reported on newsgroups and forums that after installing Netscape 8 the XML rendering capabilities of Internet Explorer no longer work. That means that if you navigate in IE to an XML file such as an RSS feed http://msdn.microsoft.com/xml/rss.xml or an XML file with an XSLT transformation applied then rather than seeing the data you are presented with a blank page.
We currently have the following work around for people that are hitting this issue...
Hey, I’m Tony Schreiner, a developer on the IE team. I’ve been working on IE for a little over a year, and at Microsoft for over six years. My personal blog is over here , but I'm posting on the official IE blog to help consolidate useful information about IE7.
My role has been to re-architect IE to support tabbed browsing. This work began last year and includes building a new frame (top-level window and chrome), sorting out how to host and switch between multiple instances of the browser, and...
There are two important events that will happen to the support policy for Windows 2000 after June 30th of this year.
First, support for both IE 5.01 SP3 and IE 6 SP1 on Windows 2000 SP3 will expire. Users running IE 5.01 or IE 6 SP1 on Windows 2000 should upgrade to Windows 2000 SP4 in order to continue to receive security updates.
Second, Windows 2000 SP4 moves from mainstream to extended support. The key difference between mainstream support and extended support which I think is most relevant...
2005/6
The Internet Explorer team has a number of positions open that we are working to fill with exceptional people.
Our newest open position is for a
Programming Writer position for work on the SDK documentation for IE7. If you search on the Microsoft Careers page, you can find out about our other open positions , which include Developers, Software Testers, Builders, even an Evangelist position. Come work on the most popular browser in the world and make a difference!
Before I joined the Internet Explorer team, I worked on the
Microsoft Office Online website. Handling massive amounts of traffic, we
faced some performance challenges that forced me to dig into the guts of HTTP
performance. The output of that effort was twofold:
Microsoft Fiddler , and documentation of some best practices for web
performance optimization. The latter has been summarized into a new MSDN
article which discusses Internet Explorer’s support for caching and compression,...
Hi, I’m Rob
Franco, Lead Program Manager for IE Security. Today I want to focus on clearing
up a few details about an important feature that we’re calling “Low-Rights IE”.
“Low-Rights IE” is one of several new features that we’re working on to help
keep users safe. It is a defense-in-depth feature, meant to back up and support
the many other security features.
First, while
most IE7 security features will be available in IE7 for Windows XP SP2,
Low-rights IE will only be available...
Before we start let me shortly introduce Adrian Bateman. He is the developer
currently working on our IE7 print experience. Since he works out of Microsoft's
offices in Reading, England, we are much better now at printing “tomatoes”.
Without further ado:
Today, there is a well known problem with
printing from Internet Explorer where the layout of the page sometimes
causes content to be cropped if it doesn't fit into the width of the paper.
We are working hard to improve printing...
Hi, I’m John Bedworth, the Development Manager for
Internet Explorer Security. I wanted to address some of the excellent questions
that came up in the feedback to Rob Franco’s " Clarifying Low-Rights IE " post.
How is "low-rights" IE
different than, in XP, running as a regular (limited) user? At home, I use a
limited user account--is there anything about low-rights IE that is different
than my situation?
The primary difference is that IE 7 on Longhorn
will be running...
Hello. My name is Jeremy Dallman. I am the project manager for Internet Explorer security bulletins.
I am announcing the availability of the June 2005 security updates . This group of security updates is available via Windows Update and includes a Critical fix for Internet Explorer.
Information about the IE Security update can be found at: MS05-025 – Cumulative Security Update for Internet Explorer (883939)
This security update package contains fixes for the following vulnerabilities:
...
We posted recently an
issue
affecting XML rendering in IE after an installation of Netscape 8. Netscape has just released an updated version that addresses this issue and is
available at
http://browser.netscape.com/ns8/
Thanks to Netscape for making
this update available so that this will no longer be an issue.
-Dave
Justin Rogers one of our developers, just posted an article on MSDN where he discusses memory leaks with Internet Explorer. This article helps developers by explaining the issues and some best practices to fix web pages that leak memory. This includes such different types of memory leaks including circular references, closures, cross-page leaks and pseudo-leaks. The issue of memory leaks in IE has been the topic of recent discussion elsewhere and while we hope to improve in this area in future versions...
Web developers often want to add rounded corners to their
pages. Since we have no plans to do native rounded corner support in IE7 (CSS3
feature), I want to point out that there is an article available on MSDN that
shows you how you can easily and efficiently implement rounded corners with IE
today. Enjoy!
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dhtmltechcol/dndhtml/roundcorners.asp
-- Markus Mielke
Earlier today, I went to downtown Seattle to Gnomedex 5.0, and stood up in front of 300 tech influentials, enthusiasts and leaders to talk about some really exciting things that we’ve been working on for the past several months.
The main thing I talked about is the deep platform support for RSS that we’re building into the next version of Windows codenamed “Windows Longhorn.”
We think that the RSS functionality in Longhorn will make it easy for users to discover, view and subscribe to RSS feeds...
I just wanted to post a quick follow up to Dean’s post about RSS in Longhorn.
My name is Sean Lyndersay, and I’m a senior program manager on the RSS team. After Dean’s announcement, we turned on our RSS Team Blog , and kicked things off with a post about the Simple List Extensions.
The RSS Team Blog will be the place to go for all things related to the RSS platform features in Longhorn. If the post has something to do with IE, then we’ll cross-post as appropriate.
The other great place for...
2005/7
Jeremy Dallman here from IE Security team with an update on the security advisory that Microsoft published last Thursday.
In the revised Security Advisory provided earlier today, we recommend disabling Javaprxy.dll by using the registry key update (A.K.A. “killbit”) that is available now from the Microsoft Download Center. You’ll find a link in the updated advisory. This killbit package will also be available on Windows Update soon.
- Jeremy
I just read
Art Manion’s perspectives piece on cnet . I agree with much of what he says
and encourage anyone who cares about browsers, security, or both, to read it. A few months ago, I offered
my opinion on this topic. We’re still open to feedback on this. We’re
getting a lot of it, privately, as we work closely with and listen to many
security experts as we build IE7.
As Art says, Windows XP Service Pack 2 made important
improvements. I strongly recommend XP SP2, whether you browse...
We’ve recently published some articles and a few updates on MSDN. Here are some particularly useful articles:
About Windows Restrictions outlines the restrictions around controlling windows in Windows XP SP2.
Faster DHTML in 12 steps contains some useful tips around performance in DHTML. Although this article is not entirely new it had been lost from MSDN and we felt it deserved to be resuscitated.
Handling MIME Types in IE outlines how MIME handling works in Internet Explorer.
As...
The IE team took some time recently to relax in the sun (well actually rain – we do live in Seattle).
Here is a picture of the unflappable Dave Massy and Jean Hartmann in Dave’s incredible motoring machine enjoying themselves at the event. Note that the color of Dave’s car is a variation of IE blue.
- Scott Stearns
Robert Scoble and I are going to give a keynote together at the Blog Business Summit on August 19 in San Francisco. Why? We think that RSS is becoming a critical tool for businesses to communicate with customers and we want that to happen even faster.
Robert will talk about how businesses can use RSS to create strong, ongoing connections with their customers. I’ll talk about how the RSS platform in Windows Vista will make tapping into the power of RSS easier, as well as some of the new opportunities...
Hi, I’m Patrick Mann , a security tester on the IE team. It’s a big week for me and a few other folks from IE, as we head down to Las Vegas to
attend Black Hat 2005. Expect to see some of the IE blog familiars (such as John Bedworth , Eric Lawrence , and Christopher Vaughan ) along with other members of the IE product team.
Personally, I’m very
excited at this opportunity to hear about the latest in security research. But
above all I’m looking forward to meeting folks, and putting some faces...
Beta versions of both Windows Vista (formerly codenamed “Longhorn”) and IE7
for Windows XP are now available. Back in
February we committed to releasing betas this summer. I’m sure it
surprises some people, but we did what we said we’d do.
How interested you are in actually running pre-release software should
depend on who you are. For example, I think that running pre-release
MSN Virtual Earth or the
Windows Antispyware Beta is interesting for everyone. I think
NetScan is less...
Yesterday, rumors were circulating stating that the IE 7 beta 1 release causes the Google and Yahoo! toolbars to vanish. As Dean stated in Scoble’s blog , we support Google’s and Yahoo’s (and anyone else’s) toolbar in Beta 1 and will do so in the final release.
In our internal testing, we have not encountered these problems in the released version of IE 7 tech beta. (There was a bug like this in earlier builds, so it’s possible that the report came from someone who had access to our pre-beta builds...
I’m very happy that we’ve shipped IE 7 beta 1. I wanted to make it clear
that we know Beta 1 makes little progress for web developers in improving
our standards support, particularly in our CSS implementation. I feel badly
about this, but we have been focused on how to get the most done overall for
IE7, so due to our lead time for locking down beta releases and ramping up
our team, we could not get a whole lot done in the platform in beta 1.
However, I know this will be better in...
As promised , I
want to talk today a little bit more about printing experience in IE7. Printing
is after navigation/search one of the most used features but it still lacks the
fidelity of like say a photo printing program. Why is that? Content for the Web
is in general not designed for printing. If laid out at 100% it generally
exceeds the space provided on the paper. In IE6, for example, you end up often
with cut-off right margins. Another very common problem when printing for
example...
2005/8
Hi! I’m Jane Kim, program manager for RSS in Internet Explorer. Now that Beta 1 of IE 7 for Windows XP and Windows Vista are released, I want to introduce to you the RSS features that are available in this release.
You may be asking what RSS is. It stands for Really Simple Syndication, and it’s a way for web site publishers to publish information from their sites. The publisher creates a specially-formatted file on their web site that contains the most recent items (news stories, blog posts, etc...
Security as a feature can be hard to measure. I
want to provide some insight into our security strategy so our customers and
partners can understand the direction we’re heading with Beta 1 and beyond to
Beta 2. All of the work the IE security team has done for IE7 is designed to
make you safer while you browse. While some of our work is front and center
like the Phishing Filter, a lot of the features are “under the hood” like
Low-rights IE and we hope you will never see them, just know that...
After some very long days and nights, the IE delegation is back from Vegas . Some sessions I found especially interesting:
Alex S & Scott Stender – Attacking Web Services
Jeremiah Grossman – Phishing with Super Bait tamos
Johnny Long – Google Hacking for Penetration Testers
They did a great job of highlighting the challenges of reconciling ease of use and security.
Even more valuable than the briefings were the informal meetings with security researchers and other members of...
The IE and RSS team is going to be attending the Microsoft Professional Developers Conference (PDC) this year between September 13th and 16th in Los Angeles. This is Microsoft’s premier conference for developers where you can learn from and connect with the development teams here. Visit the PDC site to learn more. We’re currently planning two talks for IE and RSS:
Internet Explorer: What's New in IE7 Internet Explorer is an essential part of the Windows platform, providing functionality that...
The IE August 2005 security updates are now available! This group of security updates is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . We encourage you to give MU a try.
Information about the IE Security update can be found at: MS05-038 – Cumulative Security Update for Internet Explorer (KB# 896727)
This security update package contains fixes for the following vulnerabilities:
JPEG Image...
Hi, I’m Aaron Sauve, Program Manager focused on features relating to the Internet Explorer user interface. One of these features is web search. Now that Beta 1 is out in the wild I would like to say a few quick words about what we have included and give some insight into where we are going in Beta 2.
Beta 1 includes a few simple enhancements to web search. Search is a critical aspect of web browsing, so we promoted web search to the top level IE frame and have included the ability to easily switch...
Hopefully, by now you’ve seen from our posts that there are a lot of new features and work going into IE 7. As part of this update, we’re refreshing our icon and logotype. We considered more radical departures from our current logo, but blue “e” with the ring is very recognizable and familiar to users, so we elected instead to make more subtle changes.
As you can see, the new “e” has more modern look, and the edges are a bit darker so the icon stands out better against different backgrounds...
Internet Explorer 7 includes a new URL handling architecture known internally as CURI. The new optimized URI functions provide more secure and consistent parsing of URIs to reduce attack surface and mitigate the threat of malicious URIs.
When designing our security strategy for IE7 , malicious URIs were near the top of the list because secure handling of URIs throughout IE is critical to the security of the system. Hence, a major architectural investment was made in CURI for IE7.
Unlike most...
Today we launched a new column on MSDN called “ Exploring Internet Explorer ”. Currently there is a single article there from Eric Lawrence on Zones and Proxies where he explores some of the interesting ways that the intranet zone and proxies can interact. We expect to add more articles to this column over the coming weeks. If there is a particular mystery of Internet Explorer that you’d like us to explore then let us know and we’ll add it to our list of future articles for this column. We’ll be...
As some of you have noted in the comments, I will be doing a keynote presentation at the Hack in the Box conference in Kuala Lumpur, Malaysia on September 28. The title of my presentation is “Internet Explorer Security Past, Present, and Future”. I’ll be talking about the kinds of threats we’ve seen, how we started to address them in Windows XP SP2, and our plans to go even further in protecting users in IE 7. I will also be demonstrating IE 7 on Windows Vista including features not available in...
The first Microsoft product I ever shipped, Windows 95, launched 10 years ago today. Around the same time we also launched Internet Explorer 1.0 (though with considerably less fanfare), which quickly gave way to IE 2.0 (which shipped with the Plus! Pack for Windows 95). 6 years later we launched Windows XP, which shipped IE 6.0. That’s more or less 1 new version of IE a year for 6 years. Of course the pace with which we ship versions of IE has dropped off since then with our most notable recent release...
For IE 7 we decided to make some changes to the way the <BASE> tag is handled to bring it up to spec and at the same time fix some really odd behavior. In the process we expect some people relying on the previous behavior to have to update their content otherwise they may find their site doesn't work exactly as planned. Most of the old functionality is still there, but there are some key differences.
To start, in previous versions of IE, you could place the BASE tag anywhere in the document...
My last post was intended to introduce our overall security strategy and the specific features in IE7 Beta1 for XP SP2 and Windows Vista. A lot of responses to my post were questions about why and how the Microsoft Phishing Filter in IE7 will check websites. We have also have heard from a number of site owners who want to know how they can correct an evaluation of “suspicious” or “confirmed phishing”. Before we continue posting on the rest of the IE7 security features, I want to let you know that...
2005/9
Based on some discussion in the Microsoft-WaSP task force , I wanted to explain a little more of the internal workings of IE to help web developers with their daily IE work. In this installment, you will find an article up on MSDN (as part of the ongoing “ Exploring Internet Explorer” series) about the implications of an element having a “layout”. There are several bugs in IE that can be worked around by forcing “a layout” (an IE internal data structure) on an element. The most famous workaround...
One of the purposes of releasing the IE7 beta is to collect feedback on compatibility with both websites and extensions and we continue to look at all the reports we receive of sites and applications not working. There are reasons for this such as the base tag change that we blogged about recently and also bugs that we are detecting that you’ll see addressed later in the project cycle. However the most common issue we continue to see for web sites not working are that they are blocking access or...
We've already started talking about a few of the CSS changes that are going to be available in IE 7 when we release, but there are a few hanging points that we haven't talked about yet or haven't covered completely. There are 3 specific items I'd like to talk about:
Using the root node wild card selector for IE only rules (* HTML) [strict mode only fix]
Multi-class selectors as defined by CSS 2.1 (.floral.pastel) [strict mode only fix]
Pseudo-element parsing sometimes flags rules as invalid...
I’ve been keenly interested in extending Internet Explorer since long before I joined the team last fall. MSDN provides some great documentation on how to extend Internet Explorer, but as a longtime IE enhancer, I’d like to highlight some of my favorite resources.
IE provides a number of mechanisms that permit software developers to extend the browser in powerful ways. You can add:
Toolbar buttons
Tools menu items
Context menu items
Toolbars
Download managers
Pluggable transfer...
Hi, my name is Tariq Sharif and I am a Program Manager on the IE Security team. One of the threats users face on the web is phishing. Today, I want to tell you about the Phishing Filter in IE7, a new security feature designed to dynamically warn users if they visit a phishing site. I’ll cover the filter service communication flow, show you what some of the filter notifications look like, how can you report a phishing site and most importantly I will let you know the process of reporting an incorrectly...
If you are here at the PDC you probably know that the Keynote presentation went much longer than expected today. Because of that, all of the lunch talks were cancelled, including my talk, “FUNL03 Case Study: building a more secure browser in IE7”. There was already a group of folks waiting in the audience. When the cancellation was announced, I gave folks the option to go forward with the talk and they voted with their feet to stay. We went through parts of the deck but we didn’t really get to explore...
I’m here at the Microsoft Professional Developer Conference 2005 in Los Angeles, and I just finished giving my presentation entitled "What’s New in IE7?" to a pretty full house (for a late afternoon session). I’m still pretty pumped up from my talk, but I wanted to share the features we haven’t previously mentioned (and repeat a few we have) for everyone who didn’t make it to the PDC. Expect to see more detail on these features in the near future here on the IEBlog, and of course these features will...
It’s our goal to make it easy for IE7 users to personalize their list of search providers. The user should be able to target their search directly to site of their choice: MSDN, Intranet portal, Team Sharepoint, PubMed, NYTimes, Costco, USPS, Amazon, WikiPedia, Ebay, Craigslist, etc. My last blog post mentioned we will be adding extensibility for Internet Explorer’s new Search Box in Beta 2. We’re announcing the API at PDC during Chris Wilson’s talk on IE7. Here are the details.
The scenario has...
As Aaron mentioned, the IE team collaborated with A9/Amazon on OpenSearch 1.1. This blog post is a story about how the collaboration took place.
IE7 Beta1 shipped with a set of 5 search providers and there wasn’t a way (short of hacking the registry) to add more search providers. When we started looking into how a site should describe itself, our first thought was the ‘src’ format . After all, it was pretty simple and it could describe how to construct the query to get the search result page back...
I realized as I read through the comments to my last blog post that I forgot to mention one important item that was in my presentation. We have fixed the DOCTYPE switch so it will skip an XML prolog, so that valid XHTML can be handled in strict compliance mode rather than quirks mode.
I’ve also been reading comments for some time in the IEBlog asking for support for the “application/xml+xhtml” MIME type in IE. I should say that IE7 will not add support for this MIME type – we will, of course,...
The developer community has asked for a long time: Where is the free developer toolbar for IE? We recognized the popularity of free IE tools like Fiddler and we listened to your feedback. I am glad to announce the next addition to our developer tool support: The IE dev toolbar. This tool will help developers to explore their HTML documents and understand everything about it.
With the IE Dev Toolbar you have several features at your fingertips to go deep into existing pages or pages that you are...
While Rob Franco and Chris Wilson were presenting and getting feedback at PDC, I spent most of my time in smaller discussions (for example, with Paul and Joe ) about the security work we’ve done in IE. The discussions reminded me that, before most of the team was working on IE7, before Rob posted about our overall approach to IE7 security, we heard three things about IE and security over and over: "take it out of the operating system (or integrate it less), get rid of ActiveX, and rewrite IE to be...
Hello, I’m Marc Silbey, a Program Manager focused on IE security. I’m back from my honeymoon and I want to follow-up to Rob’s last post on IE7 Security by providing you with more detail on Protected Mode’s compatibility features and by telling you about a related workaround to a known issue in the first Community Technology Preview (CTP) build of Windows Vista.
As Rob mentioned, Protected Mode helps to eliminate the silent install of malicious code through Windows Vista’s User Account Protection...
Tony Chor , Rob Franco , and myself are in Beijing today as we make our way to Kuala Lumpur for the Hack-In-The-Box conference . We have a great team over here in what we call the ATC (Advanced Technology Center). In the past 6 months they’ve gone from just starting to adding serious value to IE 7. The folks over here have already contributed to IE 7 by re-writing the select control which Chris Wilson alluded to in his post from the PDC . Other improvements that we’ll see come out of the ATC for...
Tony and Rob have just wrapped up their keynote here in Kuala Lumpur, and I wanted to make sure that the resources they talked about are listed here both for the benefit of the conference attendees who wanted to get to them and to everyone else who couldn’t be here today.
The talk spoke to how Microsoft’s Security Development Lifecycle (SDL) has influenced the development of IE 7. Specifically, and quite obviously if you’ve been reading this blog, IE 7 isn’t just about patching problems but about...
2005/11
Hello, my name is Jeff Varga and I am an intern from U.C. Berkeley on the IE team. One of my projects this fall is to help build the IE Developer Toolbar into a great product for the IE community.
We are pleased to release the beta 1 refresh of the IE Developer Toolbar . The community feedback was incredibly helpful in finding a lot of problems and in planning for new functionality. We’ve combed through the replies to the initial release blog post and on the IE wiki at Channel 9 . Please keep...
We’ve heard some concerns about the potential impact of recent IE updates, and I want to give you background on these updates so you can understand the impact.
It is a top goal of ours to keep users safe and web pages working as the author intended. The great majority of users and developers should not be negatively impacted by recent IE security changes. However, there is potential for any code change to change how a web page works, which is why we are very careful about deciding what changes...
On last Monday, Venkat mentioned some of the improvements made for the new version of WinINET.dll shipping alongside Internet Explorer 7. For developers in the audience, I’d like to note that the Windows Network Developer Platform blog is a great source of news about WinINET and other networking modules within Windows. Of particular interest to developers working with WinINET are the post on API Validation changes and the post on System.NET support for Internet Explorer proxy settings .
- EricLaw
The core of my team’s job is to make IE7 and Windows Vista so compelling so that people choose our products. The people who work on Windows want you to have a good experience, whether you use IE or not - for example, Windows Media Player has a Firefox plugin . I also recently got a chance to play with a new Firefox plugin that simplifies and improves the Windows validation process on that browser – since, as I said to Scoble a long time ago , it would be arrogant for the people working on a product...
Hello, I’m John Scarrow and am the general manager for the Anti-Spam and Anti-Phishing Team at Microsoft. My team developed and runs the Microsoft Phishing Filter you’ve seen for the current beta of Internet Explorer for Windows Vista and Internet Explorer 7 for Windows XP, and I wanted to follow up on previous posts about the Phishing Filter to highlight some news from today.
Today Microsoft announced agreements with three new data providers – Cyota Inc., Internet Identity and MarkMonitor – who...
Today I want to tell you about both our established plan to highlight secure sites in IE7 but also to tell you about some early thinking in the industry about creating stronger standards for identity on the internet.
IE7 will join other browsers like Firefox, Opera and Konqueror in making the experience for secure (HTTPS) sites more visible by moving the lock icon into the address bar. We think the address bar is also important for users to see in pop-up windows. A missing address bar creates...
2005/12
Every day, I get lots of email asking for a build of IE7 for XP. If you have an account on the internal Microsoft corporate network, I have a link I can send you.
For everyone else, we need a better answer than “We’re hiring; please come join us.” (That said, we’re hiring; please come join us .)
We’ll post an updated pre-release build of IE7 for Windows XP publicly – no MSDN membership required – during the first calendar quarter of 2006.
We want to make sure that everyone has an opportunity...
Internet Explorer enforces security rules for websites by grouping them into categories or “security zones”. Today we want to explain the changes to security zones you’ll see in IE7 so we should first clarify what the security rules are in IE6.
On the Security tab of Internet Options under the tools menu, you will see the Internet, Intranet, Trusted Sites and Restricted Sites zones. The rules for security zones control how each group of websites is allowed to interact with your computer. If you...
Just a quick paste of a comment on the Microsoft Security Response Center blog addressing the recent questions around the XSS issue we are investigating -
We've received some questions regarding a reported cross-site scripting (XSS) issue affecting Internet Explorer. Google Desktop was used in a proof of concept to demonstrate how, in some cases, this issue could allow an attacker to obtain sensitive information.
This issue may be a bit confusing because it is not really an XSS issue. A...
The IE December 2005 security updates are now available! This group of security updates is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . I would encourage you to upgrade to Microsoft Update if you haven’t already.
Information about the IE Security update can be found at: MS05-054 – Cumulative Security Update for Internet Explorer (KB# 905915)
This security update package contains fixes for the...
I recently posted about the search for an icon to represent feeds in IE7. We’ve found one. It’s orange. Check it out .
- Jane
We have received scattered reports of users experiencing odd browser behavior after installing our most recent security update . Some of you have reported opening a browser window that promptly hangs IE, others have reported opening links that render blank, and finally we have reports of multiple windows opening when initiating a browser session. After investigating several of these reports, we have traced these issues to a common source.
If a user has ever attempted to run IE7 Beta1 in an unsupported...
Hi, I am Vishu Gupta, a developer on the IE team. For the past year, I have been working primarily on CURI and International Domain Names (IDN) support. Browser support for navigating to URLs written in users’ native languages is critical for making the Internet truly international. IDN relies upon a standardized mechanism known as “Punycode” for encoding Unicode domain names using only the ASCII characters that are permitted by the DNS system.
After XPSP2 was released, I was asked to study and...
I wanted to give a quick pointer to the conference Microsoft will be hosting in March in Las Vegas: MIX06 , a “A 72-hour conversation between developers, designers and business professionals to explore high-fidelity commerce, content, media, services and security.”
Many IE team members will be there, myself included, and loads of other Microsoft teams involved in web technologies, including the Windows Presentation Foundation, the Atlas AJAX framework and Windows Live!. And yes, Bill Gates will...
2006/1
First let me introduce myself. My name is Uche Enuha and I am a recent college graduate hire to the Internet Explorer team. I am a Program Manager working on the User Experience team. Now to the main point. There is a new feature in IE7 called ‘Delete Browsing History’ that gives users an easy way to control the data stored by the browser.I am going to answer the three main questions that I think are going through your heads right now, I’ll let you meditate on the information and allow the excitement...
Hello, I am Kun, the first developer of IE Beijing team in Microsoft. Our team has been working on the Intrinsic Controls of IE in the past year. Among these controls, the SELECT element has been greatly improved. IE6’s SELECT element didn’t support certain properties, like z-index, title, and zoom. In IE7, we have re-worked the SELECT element. This new version has features and fixes that will make IE7 a better user experience. This is work that has long been requested by web developers and it is...
The MIX06 site has been updated to provide more details on the many sessions and discussions – for example, the session on “Making Your Site Look Great on IE7”. The site lays out the content and agenda, including the keynote with Bill Gates and Tim O’Reilly. It also describes the sessions led by Jeff Barr of Amazon Web Services as well as the content scenario tracks owned by Joe Belfiore (Microsoft, eHome division) and some guy named Dean Hachamovitch who claims to be on the IE team.
I’ve been...
Hello, I’m Sunava Dutta and I am a Program Manager in the Internet Explorer team.
I’m excited to mention that IE7 will support a scriptable native version of XMLHTTP. This can be instantiated using the same syntax across different browsers and decouples AJAX functionality from an ActiveX enabled environment.
What is XMLHTTP?
XMLHTTP was first introduced to the world as an ActiveX control in Internet Explorer 5.0. Over time, this object has been implemented by other browsing platforms, and...
Congratulations to the Seattle Seahawks on their awesome win yesterday and their first NFC championship! (The Seahawks are our local American football team.) We’re thrilled that the Seahawks are finally going to Super Bowl and can’t wait for the big game in two weeks.
- Tony Chor
If you’re a developer, an IT Pro, or just plain interested, please visit http://www.microsoft.com/windows/ie/ie7/ to try the IE7 Beta 2 Preview.
What’s a beta preview? It’s a release for everyone involved in making the Internet work.
Before we release a consumer-focused beta, we want to make sure anyone with a website can look at the changes we’ve made to our layout engine and the stricter user experience around security certificates. Developers should try out their toolbars, ActiveX controls...
Hi, I’m Jason Watters, a Program Manager on the Internet Explorer Team.
As Dean just announced, the IE7 Beta 2 Preview is now available for download. We hope you are looking forward to installing and testing it as much as we are looking forward to hearing your feedback on it. We have several different ways for you to send us your feedback.
First, you can post any questions or problems you have to the microsoft.public.internetexplorer.general newsgroup, either through a newsgroup reader or on...
I’m very excited we’ve released a public preview of beta2 that everyone can download. I’m also very happy that we’ve opened up a couple of different avenues to take your feedback. As Dean mentioned, there is a great checklist for site developers on the IE7 preview site ; I wanted to call out a specific item on that list.
Markus posted a while ago about the demise of CSS hacks in IE . We heard your feedback in the comments to that post, and we’ve put out a public preview release of IE7. I’d like...
Hi, I'm Al Billings. I'm a project manager on the Internet Explorer team. I haven't posted before but you have probably seen comments from me from time to time on the blog. I'm involved in the regular work with it. Today, we have been getting a lot of questions in comments on our blog posts in response to the release of the IE7 Beta 2 Preview. I wanted to try to wrap most of these up in one post so people don't have to hunt for answers to common questions.
Questions
Where can I read more...
2006/2
At the end of April of last year, we blogged about the new Internet Explorer 7 User Agent string. Since our original blog posting, we have also posted two new articles on this topic to MSDN: Understanding User-Agent Strings , and Best Practices for detecting the Internet Explorer version .
I’d like to provide a quick update to this topic for the Beta 2 preview version of IE7.
For the Beta 2 preview, we’ve removed the “b” from the user agent string. We made this change early in order to help...
Hello there, I’m Peter Gurevich, one of the many program managers on the IE
team. My primary feature area focus is on the rendering and display in the
browser, including the decoding and display of images and the rendering of
Text. I wanted to briefly chat with you all about a change to the way IE7
renders text.
You may have noticed that after installing IE 7, your fonts in IE and Outlook
Express look different. That is because IE7 has changed our text rendering to
use ClearType. I...
In my previous post , I gave a glimpse of what to come in IE7 and printing. Now that the Beta 2 Preview build is publicly available I like to walk you through all the additions we added to printing and print preview. Internal studies showed that printing is the second most used feature after navigation in a browser and traditionally has not seen the respect it deserves.
To address this IE7 focuses around 3 experiences:
Having a great default print experience
Intuitive UI, putting you...
Congratulations to the Pittsburgh Steelers on their fifth Super Bowl victory. Special congratulations to Ben Roethlisberger, the Steelers quarterback who wears the number 7. While we obviously wished things had turned out differently, we’re glad to see that 7 is a lucky number this year.
We’re proud of the Seattle Seahawks and are grateful for the great season they gave us all. We already look forward to next season.
Back to finishing up IE7 and making it great.
- Tony Chor
I am Jeremy Epling, a Program Manager on the IE User Experience team. One of my foci for IE7 has been improving the Favorites and History experience. I want to tell you about the new features we added and the motivation that was behind them.
The IE6 experience for managing your Favorites and History is fairly disjoint and inconsistent. In IE7 we wanted to address these issues as well as make sure that we had a great experience between Tabs and Favorites.
Favorites and History issues in IE6...
Hello again, I hope you have been enjoying the IE7 Beta. Today I want to briefly tell you about one of the cool new features we have developed for IE7: Page Zoom. This feature allows the user to effectively zoom in on a web page to make it easier to see and read. Studies have shown that approximately 1 in 4 people have some sort of vision impairment that makes reading on the web more difficult. I happen to be in that 25% so I am very excited about this feature and how it makes the web easier to read...
On Thursday Feb 9 th at 10:00AM PST there will be a public Expert Zone chat on Internet Explorer . The Expert Zone is a community of Windows enthusiasts and this is the Internet Explorer team’s turn to host a chat session. Members of the IE team will be available and ready to discuss Internet Explorer and of course the recent preview of beta 2 of IE7 is likely to be a hot topic. There is a limit on the number of people that the chat room can contain so unfortunately we cannot guarantee that everyone...
In a previous post , I introduced our Beta 1 search functionality and mentioned we would soon ensure you can add search providers to IE without executable code or a masterful knowledge of the registry. Now that we’ve released the Beta 2 Preview I’d like to take a few minutes to describe the two separate extensibility mechanisms we’ve introduced to make this happen: window.external.AddSearchProvider, and Search Discovery.
window.external.AddSearchProvider()
In Beta 2 any site can run a simple...
Many are content to spend all day clicking fancy looking buttons or menu items in order to get their tasks accomplished, but those who know the correct keyboard and mouse shortcuts can often get around applications more efficiently: Browsing the web with Internet Explorer is no exception. I want to take a minute to discuss a few useful shortcuts already available in IE6 that will help you get around the web, and then list some great new shortcuts we are providing in IE7.
First: Getting around...
Beta 2 of the developer toolbar is now available. Beta 2 includes numerous fixes to improve stability, usability and performance along with a couple of additional features such as the ability to enable and disable CSS on the page.
The developer toolbar has become an essential tool for us in diagnosing issues with web pages. Being able to click on an element in the page and find out where it is in the element hierarchy is just one of the invaluable facilities it provides.
Let us know if you...
Members of the IE team will be traveling far and wide over the next month, attending conferences and speaking with you, our customers, about IE7.
Look for us at RSA next week and Blackhat Europe , South by Southwest , and Mix06 in March. We’re considering attending ETech , and we’re looking at other conferences through the rest of 2006, so hopefully we’ll get to your corner of the world.
Be sure to look us up if you have any questions about IE7.
See you in San Jose, Amsterdam, Austin, and...
Hi, I’m Mike Friedman. I work on the IE team in the area of security. You may remember me from my previous IE blog post . We here on the IE team have a continuing focus on making web browsing safe from a variety of outside threats. Microsoft Windows Vista introduced an enhanced security model that we were able to build on in Vista's version of IE7. I want to tell you about a new major IE defense-in-depth security feature called Protected Mode. Defense in depth is a security principle that a system...
About once or twice a day, we get an email from someone asking why it is that IE 7 isn't detecting an RSS feed on a particular page that clearly has a feed associated with it.
Usually, this means that there's an RSS or XML button somewhere on the page. The user can visually tell that there's a feed, so why can't IE?
Well, feed auto-discovery works in a very simple way. Instead of trying guess the intent of the publisher and trying to figure out whether there's an little orange (or blue, or...
Hi, this is Uche again, I am back to talk about Quick Tabs, a visual way of managing tabs in Internet Explorer that complements the tabbed browsing experience quite nicely. This feature came about when we realized there were two main issues users were likely to encounter when browsing using tabs. First, as you open more tabs there is less space to show titles, making it difficult to identify a specific tab. Second, because many web pages have very similar titles picking the correct tab by title alone...
Several parties have made claims about how search works in IE7. I think those claims are awfully confusing, especially for anyone who has used the product. In this post, I want to describe our overall approach to how search works in IE7 and some of the thinking behind the current behavior.
For readers who only skim and don’t want the details, here is how IE7 behaves:
Ultimately, the user is in control with IE7. Adding to and modifying the list of search providers and choosing a default provider...
We didn’t introduce tabs in the Beta 2 Preview, but we did improve our experience a lot! We heard a ton of feedback from Beta 1, and made some great changes that I’m confident will be appreciated. I’d like to remind everyone about what we introduced in Beta 1, summarize the feedback we received, and then talk a bit about the big changes to look for in the Beta 2 Preview.
Remembering Beta 1
Not everyone saw our Beta 1 functionality, here are some highlights…
Putting tabs in Internet Explorer...
Hi, I’m Tony Schreiner , and as you may recall from an earlier post I work on the tabbed browsing architecture in IE7.
One of the new features in the IE7 Beta 2 Preview is the ability to suppress modal dialogs from background tabs. This addresses one common problem with tabbed browsing where a web site on a background tab can launch a dialog that must be immediately dealt with by the user. Even worse than the interruption is the risk that the user will not realize the dialog came from a background...
The IE February 2006 security update is now available! This security update is now available via Windows Update . Please note: this update only applies to IE5.01 SP4. Users running the supported versions of IE6 or later do not need to apply this update. Windows 2000 customers are encouraged to upgrade to IE6SP1. Windows XP customers are not affected by this update.
Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . I would encourage you...
One of the biggest challenges in making software more secure is maintaining compatibility with the existing functionality that customers depend on. We’re here at the RSA security conference in Silicon Valley to work with other software and security professionals to meet our customers’ expectations for safety and compatibility. While we have taken a great deal of care to preserve compatibility, the new security features in Internet Explorer 7 do change the way platform works and only testing with...
Hello. My name is Wujun Wang and I am a tester on the IE team in Beijing. My area of test focus is BiDi. Wait, what is BiDi? When I searched for “bidi” at http://www.Dictionary.com , it defined bidi as "A thin, often flavored Indian cigarette made of tobacco wrapped in a tendu leaf." So you know what I do. I am testing cigarettes! Well, not really. BiDi is a short name often used for the Unicode Bidirectional Algorithm ( http://www.unicode.org/reports/tr9/ ).
When text is presented in horizontal...
Hi, my name is John Hrvatin and I'm the program manager for Internet Explorer setup. I'd like to share some of the ways setup in IE 7 helps keep you more secure and IE running smoothly.
Prior to installing IE 7, setup runs the Windows Malicious Software Removal Tool to clean your system of known malware and help prevent problems installing IE 7 or running it for the first time. If you keep your computer up-to-date using Windows Update , which hopefully everyone does, you will already have the...
I am a program manager on the Internet Explorer team and in this post I would like to share what we are doing in the manageability, customization and deployment space. The two key features are IEAK 7 - The Internet Explorer Administration Kit , and GP - Group Policy in Internet Explorer 7.
Before going on to IEAK & GP, I want to briefly talk about some terms I have used ahead -
Deployment - The process of distributing and installing a software program on a number of machines. This becomes...
One more MIX plug, since it’s coming up fast. The IE talks have been posted to the MIX06 session list now, including “The Future of IE” discussion session where we will present an overview of our direction for IE beyond IE7, and hold an open discussion to take your input to shape the future of IE. There’s also a breakout session led by myself titled “Open, De Jure, De Facto and Proprietary: Standards and Microsoft,” where I will lay out how HTML, Javascript, C#, XAML, XHTML, XML, SVG, and other standards...
I just wanted to thank everyone who attended the IE Expert Zone chat earlier this month and point out that the official transcript is now available online . The chat was a lot of fun and included eating donuts as we typed answers furiously to keep pace with the questions. There is still some debate around the question that someone asked "Who is the nerdiest of the IE team ?" :-)
We do plan to hold these chats regularly on the second Thursday of every month so please join us on March 9 th for the...
As Rob pointed out in his last blog post on security and compatibility in IE7 , one of the biggest challenges in software development is making the software secure and compatible at the same time. In IE7, we have many new security features that help protect users against various attacks by blocking certain content, but as a consequence, some web applications may no longer work as they used to. To help web developers and IT professional find such compatibility issues, IE7 offers an application compatibility...
2006/3
My name is Brian Trenbeath, a Program Manager on the Windows Vista team, and I would like to take a quick moment to tell you about the new set of Family Safety features coming with Windows Vista.
First, many thanks to the IE team for allowing me time on their blog to tell you about this exciting new feature area that is coming with Windows Vista!
Parental Controls on Windows Vista is a new, much anticipated part of the overall Microsoft Family Safety story. With Windows Vista, tools are now...
Hello World! I’m Sharon Cohen, Program Manager for parental controls in IE7. If you haven’t heard about Windows Vista Parental Controls, be sure to read Brian’s blog post which gives a great overview of the feature. I’d like to fill you in on the great features IE7 adds to Windows Vista Parental Controls.
IE7 offers two features which will enhance the Windows Vista Parental Controls experience for both parents and children. As Brian described, when Parental Controls have been enabled on a child...
I am sitting here with Molly Holzschlag and Andy Clarke at the W3C Technical Plenary meeting in Mandelieu, France and I am showing them our latest bits, which we plan to hand out for the MIX06 conference (and yes, we’ll hand out publicly after the conference too). They wanted to give me a little challenge and asked me to show them 2 of their favorite pages: Gemination, Egor Kloos’s progressively enhanced CSS Zen Garden design and Malarkey’s personal Web site. Here are Molly’s and Andy’s responses...
Hi. My name is Bill Hill, and I’m one of the original inventors of ClearType. My job at Microsoft is Director of Advanced Reading Technologies. The ClearType and Readability Research Group which handles the ongoing development of ClearType reports to me.
Our team’s mission is straightforward: "Research and develop innovative technologies that improve reading on the screen for Microsoft customers worldwide". Surprisingly, reading’s the major task for which people use their computers ...
Walter has posted details about the RSS Screensaver sample that’s recently gone live on MSDN.
If you have IE7 Beta 2 Preview installed (and who doesn’t?), subscribe to a couple of photo feeds (RSS feeds with pictures as enclosures – examples are in Walter’s post) and the screen saver will automatically pick them up using the Windows RSS Platform that powers IE7’s RSS features.
More samples using the RSS platform will be coming soon. Of course, if you have any of your own, let us know about...
On Thursday March 9 th at 10:00AM PST it will be time for the monthly Expert Zone Chat with the IE team. Members of the Internet Explorer team will be present to discuss the product and answer your questions. These chats are always a lot of fun with team members typing answers furiously to keep pace with the incoming questions. As always we’ll publish a transcript of the chat later for those unable to attend. Look forward to seeing you there.
Thanks
- Dave
Hi, this is Max and Uche from the user experience team. We want to talk to you about what we call the Fix My Settings feature. You will encounter this if you set your security settings to an insecure state whilst in the Internet or Restricted zone. When you choose an insecure setting two things will happen:
An information bar will appear at the top of the browser with ‘Fix Settings for Me’ as the first menu option.
In place of your homepage, you will see a warning page on startup of IE....
As we’ve described
previously, we’ve made some major architectural improvements to improve browsing
security in Internet Explorer 7, including
Protected Mode ,
Phishing Filter ,
Enhanced Validation SSL , and other features in support of our overall
security strategy .
Our commitment to security goes both broad and deep-- While the major new features described above have received a lot of press, I’d like to mention just a few of my favorites
among the myriad tweaks we’ve made...
The transcript of last week’s Expert Zone chat is now available. The chat was a lot of fun and the team managed to answer over 160 questions during the hour. This month we were fortified by home baked chocolate espresso bars, next month I expect we’ll return to donuts to keep us going.
The IE Expert Zone chats take place on the second Thursday of every month at 10:00AM PST. The next one will be on April 13 th and we hope to see you there.
Thanks
- Dave
Hi, I’m Cyra Richardson, relatively new Lead Program Manager on the IE team. As the new person, I was handed the opportunity to coordinate the content for the IE team’s participation at MIX06 . It’s Friday, Tony is running on next to no sleep, Peter is running around trying to make sure the latest IE bits are on the Sandbox Machines, Markus is practicing his demos and Al was bugging me to write a blog entry. The pace before every show is frenetic; MIX06 is no different.
Cats in the Sandbox
...
Today is the first day of the MIX06 conference. Internet Explorer team members are presenting this week on much of the work we've done for IE7. As part of the conference, we're handing out the "Internet Explorer 7 Readiness Toolkit" on CD. This toolkit has a roll up of the IE7 information we've published previously and some new features for those attending MIX06.
One of the other items on the CD is an updated build of IE7 for MIX06. This is build 5335 of IE7. In order to give something to those...
I’m really excited for my talk tomorrow here at Mix06 . This conference feels more like a party than work. We’re free from the blue-shirt uniform of normal conferences and I’ve tried to make my talk all content - no slides (ok, there are a few slides for folks who don’t see the live show). I’m trying to dodge the late night party crowd until after my talk but I hear that Phoebe has been hanging out with Chico and James of the Debarge family.
During his keynote, Bill Gates teed us up to talk about...
As some of you noticed the developer toolbar ceased to function in the refresh preview build of IE7 made available earlier this week. We made some changes that affected the dev toolbar so we shipped a newer version to line up with the new build of IE7. A refresh of beta 2 of the developer toolbar is now available that will function in the latest available builds of IE7 as well as IE6.
As always we really appreciate all feedback on the developer toolbar. This tool for web developers is currently...
Thursday, March 23 rd and I am sitting in the airport heading home from MIX06. It was a great conference with very good customer interactions. Also hanging out with Eric , Molly , Andy , Tantek and Dave was a lot of fun.
Yesterday, I had my talk, “ Making your site look great in IE7 ”. Even though the title implied that the talk was only on IE7 the real focus was on making standard based designs great on IE7 and other browsers. To prove that I ran the audience to a CSSZenGarden inspired demo,...
Many customers have asked us about having a better way to enter IE bugs. It is asked "Why don't you have Bugzilla like Firefox or other groups do?" We haven't always had a good answer except it is something that the IE team has never done before. After much discussion on the team, we've decided that people are right and that we should have a public way for people to give us feedback or make product suggestions. We wanted to build a system that is searchable and can benefit from the active community...
Hi, My Name is Stephen Anacker and I am a tester working on IE7 setup. I have read that a number of you have seen the following error when attempting to install the IE7 preview:
“Error loading C:\WINDOWS\system32\msfeeds.dll The specific procedure could not be found.”
This error is permissions on registry key X (usually hkcr\.tif) being set to read only on the system. I want to talk about a couple of things to give some help in working around this bug and to explain what is happening.
We...
For new information on the IE ActiveX Update, please see Mike Nash’s announcement .
Due to the sensitive nature of this issue, we are not taking comments on this post. Thanks for your understanding.
- Tony Chor
There are two posts on the RSS team blog about the use of the Simple List Extensions , which have been implemented by IE7 and the Windows RSS Platform.
The first is Simple List Extensions in action , and it shows examples of live sites (like Amazon.com, eBay and Yahoo) using the RSS extensions to add sorting and filtering capabilities to their feeds.
The second is a longer post on Understanding Lists and SLE , which explains why RSS list feeds are useful and how they work (with diagrams!)....
To learn more about how IE works with the IE ActiveX Update and the options at your disposal to control the user experience of your web pages, please review this article on MSDN.
You can try out the new behavior today on released versions of IE6 or IE7 Beta 2 Preview .
Again, due to the nature of this topic, we are not taking comments on this post.
- Tony Chor
2006/4
Hey there, Peter here. I am really excited to tell you about the new horizontal scrolling feature in the Beta2 preview refresh as well as other enhancements we are working on for Page Zoom.
We have received a lot of great comments and feedback from our customers about Page zoom and number of great suggestions. Thanks, we really appreciate it. We are working on how we can improve the Zooming of background images as well as how to stay centered when zooming on a centered page.
The biggest feedback...
Hello again. This is Peter Gurevich, Program Manager for all things rendering and display related on IE. How are all of you enjoying the IE7 Beta 2 preview refresh?
I have been thinking a lot lately about the nature of Time. Now before we launch off into some big Physics discussion (which would be fun) I mean HTML +Time. I want to use this blog post as an opportunity for all of you to discuss and provide feedback on how you use it in your sites.
How do you currently use HTML + TIME? Have you...
Members of the IE team will be online for an Expert Zone chat this coming Thursday April 13 th at 10:00AM PST. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. A transcript will be published after the chat and transcripts of other recent chats are available.
These chats are a lot of fun as we all type furiously to keep pace with the questions being asked. Please join us for the chat if you can.
Thanks, - Dave
Hey everyone, Christopher here with another in a string of Windows Lifecycle reminders .
Windows 98, Windows 98 Second Edition, and Windows Millennium are due to expire after July 11 th of this year. Please read this posted article , which contains all the details about the timing and implications of the change.
All Windows 98/SE/ME users are encouraged to upgrade to a supported version of Windows (such as Windows XP SP2).
Thanks,
- Christopher Vaughan
The IE April 2006 security update is now available! This security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates available via the new Microsoft Update . I would encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 10 security issues: 8 remote code execution vulnerabilities, one information disclosure vulnerability and one spoofing vulnerability. For more information on the contents of this...
Just a notice that the April Security Update for IE also contains a non-security change to the handling of ActiveX controls, as we’ve previously mentioned . Again, due to the nature of this topic, we are not taking comments on this post.
- Tony Chor
The transcript from yesterday's IE chat is now available online . The chat was a lot of fun and donuts kept us going as we answered more than 120 questions in the hour available. In the photograph you can see from left to right Peter Gurevich, Amy P (hiding behind Peter), Chris Wilson, Max Stevens, Uche Enuha and Cyra Richardson with donuts in the center of the table as they all type answers to questions at a furious pace.
There's also a news article covering some of the answers in the...
Back in October, we blogged about some of the HTTPS improvements we’re making to IE7. At the time, we mentioned that we have encountered some HTTPS servers which claim to support TLS, but violate the RFC and “hang up” when extensions are received during the HTTPS handshake process. On Wednesday, Windows Networking GPM Billy Anders posted to the Windows Networking team blog , explaining why buggy TLS servers will result in connection failures when Windows Vista clients send TLS extensions.
The...
This evening we released IE7 Beta 2 at http://www.microsoft.com/ie . This release is not the preview or the update to the preview, but the real Beta 2 of IE7 for Windows XP SP2, Windows Server 2003 SP1, and Windows XP 64-bit Edition. Simply: please try it.
We acted on a lot of the feedback and bug reports from the previous public releases. In particular, I feel good about changes we made based on reports from web developers around some CSS behaviors, application compatibility feedback, reliability...
Hi, this is Al and I wanted to talk about feedback and support for Beta 2 of IE7 now that it is available.
There are two main avenues for feedback for Beta 2, which are newsgroups and the Internet Explorer Feedback site.
Internet Explorer Feedback
As I posted about on March 24 , we have a site live to collect bug reports and product suggestions for future versions of IE. I'll have a blog post soon about how that is going and top issues but the site is especially important for Beta 2. The...
Hi, I’m Tina Duff one of the IE Program Managers focused on improving the customer experience around IE - including the IE add-on web site. It sounds simple, but this means ensuring that wherever IE is talked about on Microsoft.com, it’s technically correct, easy to navigate, and provides the information customers want. We quickly realized that we should do a better job making all the great add-ons to IE that developers have created easier to find and download. Thus the new IE add-on site was born...
Hi all,
I just wanted to point out that we have also included an entry called 'Give Beta Feedback' under the Tools menu in the command bar that directs you to a webpage with the list of all the ways mentioned in Al’s feedback post of getting information back to us about Beta 2.
Check it out!!
- Uche
I posted previously that in IE7, the user is in control of search, and that changing the default search provider (as well as modifying the list of search engines in IE7’s list) is easy. In this post I’ll describe some of the specifics and recap feedback we’ve gotten from users.
The short version: the search box in IE7 is not Microsoft’s. It belongs to the user. Our guiding principle for the search box in IE7 is that the user is in control. Read on for details.
The Default . The typical default...
2006/5
My name is John Hrvatin and I’m the Program Manager for IE setup.
Some customers have reported that after successfully completing IE7 setup, they do not have a tab band. I’d like to shed some light on this issue and offer a solution.
IE’s tab implementation depends on xmllite.dll which is installed with IE7 but through a separate installer bundled within the IE setup process. If you extract the contents of the IE7 installation package and run update.exe directly, you will skip this step which...
This morning there are some new sessions and videos available that feature the IE team.
All of the Mix06 conference sessions are now available online. There are some great sessions to check out including the following ones from the IE team:
NGW042 - Making Your Site Look Great in IE7 - The tools Markus shows in his talk are available here .
NGW006 - Making Your Site Work with IE7 Security
NGW028 - Open, De Jure, De Facto and Proprietary: Standards and Microsoft
NGW048 - The Future...
After endless nights and countless slices of pizza, the IE team is proud to
announce the availability of Arabic, Finnish, and German versions of IE7 Beta 2
in addition to the
English versions we released a week and a half ago . We are also on track to
deliver Japanese versions of IE7 Beta 2 on Monday, May 8 th , at 9:00PM
PST.
You can download IE7 beta 2 from the following locations:
Arabic
http://www.microsoft.com/windows/ie/ar-xm/betadownload.mspx
Finnish
http://www...
When we shipped the Microsoft Phishing Filter in Internet Explorer 7 Beta 1, many readers on the blog asked: if the Phishing Filter is checking suspicious URLs against a web service, how would Microsoft protect user privacy?
We know that for customers to benefit from the work we put into the Phishing Filter, they have to trust us enough to use it. As you’ve been hearing for years, Microsoft now engineers our products to be more secure by default. In the same way, we engineered the Phishing Filter...
Members of the IE team will be online for an Expert Zone chat this coming Thursday May 11 th at 4.00PM PST. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. A transcript will be published after the chat and transcripts of other recent chats are available.
These chats are a lot of fun and we hope you will join us for the chat if you can.
Cheers - Uche
Hello everyone,
I wanted to let the readers of the IEBlog know that the torch is being passed today on the blog. A fellow program manager, Anurag Jain, is taking over running the day to day activity and moderation duties that keep this blog going on the IE team. You should expect to see posts and comments from him in the future as the official moderator (or “Blogfather” as we call it) for the IEBlog. Please treat him with the love and affection that you have shown me. :-)
Today is my last day...
Hello everybody,
My name is Anurag Jain and I am a Program Manager on the IE team. I am also involved in the sustained engineering efforts to support IE6, and chances are that I might have spoken to some of you on the phone. I would like to thank Al for the great work he has done here, both with the IE blog and his other duties, and wish him the very best in his future endeavors.
I hope everyone is enjoying the second beta of IE7. Keep sending us your feedback!
- Anurag
The transcript from the May 11 th chat is now available online . The Chat was fun as usual and we had a blast. People seemed very excited with IE7 Beta 2 and were curious about what to expect in Beta 3.
You can find out when the next chat will be at http://www.microsoft.com/windowsxp/expertzone/chats/default.mspx . We typically hold the IE chats on the second Thursday of every month.
Cheers Uche
In my last blog
post I mentioned how important compatibility is, for example, you might see
a certificate error page and would like to know what the problem with the
website digital certificate is. In order to help you get ready for IE7, the IE
team released a small
tool that can be used to find compatibility issues when using IE7 beta
builds.
I am happy to announce that Microsoft has released a beta of the fully
featured compatibility tool, the Microsoft Application Compatibility...
Hi there! My name is Laurel Reitman and I’m a Lead Program Manager on the Internet Explorer team working on our Programming Model. I had the pleasure of attending the AJAX Experience May 10th-12th down in San Francisco. A big thanks to Ben & Dion from Ajaxian.com for hosting the conference.
It was a great opportunity to sit down with developers who are building AJAX-style web sites as well as developers who are building tools to make it easier for others to build rich applications. I feel...
If you’re at the WWW2006 conference here in beautiful Edinburgh Scotland, you’ve probably seen a number of great presentations already such as yesterday’s discussion on Identity Management featuring Kim Cameron from the Infocard team. Today (Friday) I’m sitting on a panel called Phoiling Phishing hosted by Harvard Researcher Rachna Dhamija , where we’ll focus more specifically on the issue of Phishing and techniques browsers can implement to “phoil” the attacks. I hope you’ll come to discuss if you...
With the release of Windows Vista Beta 2 , I want to announce that we will be naming the version of IE7 in Windows Vista “Internet Explorer 7+”. While all versions of IE7 are built from the same code base, there are some important differences in IE7+, most significantly the addition of Windows Vista-only features like Protected Mode, Parental Controls, and improved Network Diagnostics. These features take advantage of big changes in Windows Vista and weren’t practical to bring downlevel. The IE7...
2006/6
Hello, Eric Lawrence here from the IE Networking team. I’ve seen a few bug reports and blog comments regarding an observed change in IE7 Beta 2’s caching behavior, and I wanted to post a quick explanation about the situation and assure you that it will be resolved in the next beta.
In IE7 Beta 2, we made a change our handling of the Post-Check and Pre-Check extensions in the HTTP Cache-Control header. If you’re not familiar with these extensions, you can get a quick overview here: http://msdn...
Members of the IE team will be online for an Expert Zone chat this coming Thursday June 8 th at 10.00AM PST. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. A transcript will be published after the chat and transcripts of other recent chats are available.
These chats are a lot of fun and we hope you will join us for the chat if you can.
Cheers - Uche
Over on the Ajax Blog, Dion Almaer passed on an important tip from Brent Ashley and Tim Aiello for AJAX developers – to have your cross-browser AJAX work better with IE7, you really should be invoking the native XMLHttpRequest (the cross-browser one) first to see if it’s available before instantiating the ActiveX control, instead of the other way around.
In addition to the reasons that Brent and Tim discovered, I’ve seen a bunch of code that creates the XMLHttpRequest object, uses it for a request...
We often talk with our partners about all the ways they can take advantage of the extensibility in IE7. Today, Yahoo! released something new and (I think) pretty cool. “Internet Explorer 7 optimized by Yahoo!” presets the homepage and search to Yahoo properties. Of course, users can easily change the settings just as they can with the standard version that we ship. The Yahoo! version of IE7 is available now on the Yahoo site .
Yahoo! used the beta version of the Internet Explorer Administration...
Hello, we are Durga and Bala, from the IE IDC team. We would like to describe to you, a new feature in Internet Explorer 7 and 7+, Reset Internet Explorer Settings. We have heard from users on their need to recover Internet Explorer to a workable state if it reaches an unusable state due to spurious add-ons, incompatible browser extensions, spyware or malware. Reset Internet Explorer Settings (RIES) provides a one-button solution to get Internet Explorer settings to its workable state.
Internet...
The IE cumulative June 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 8 security issues: 5 remote code execution vulnerabilities, one information disclosure vulnerability, one information disclosure/spoofing vulnerability and one spoofing vulnerability. For more information on the contents of...
The June Security Update for IE also contains a non-security change to the handling of ActiveX controls; this is the same functionality that was contained in the April IE Security update . However, unlike the April release, there is no publicly available Compatibility Patch. If your company has issues with the timeline of upgrading applications, please work with your Microsoft Account Team or specific ISV (application provider). Again, due to the nature of this topic, we are not taking comments on...
The transcript from the June 8 th chat is now available online . The chat was a lot of fun as we kept up with the frantic pace of answering the stream of questions in the hour available. Donuts, as usual, kept us going. Keep an eye on the chat schedule at http://www.microsoft.com/windowsxp/expertzone/chats/default.mspx for upcoming chats. We typically hold the IE chats on the second Thursday of every month. Thanks to everyone who showed up for their feedback and we hope to see you at the next chat...
We got a lot of feedback that people were unable to add photos to their MSN Space using IE7 Beta 2. The MSN Spaces update fixes this issue while adding support for a lot of other cools things, like modules for daily tasks and those including Windows Live Gadgets .
So test it out, upload your photos and keep sending us your feedback.
- Anurag
My short interview with Window Snyder from Matasano has
been posted over on their
blog . Check it out!
-Christopher Vaughan
Hi, I’m Aaron Kornblum, Internet Safety Enforcement Attorney at Microsoft, and a member of Microsoft’s global team committed to help fight cybercrime and protect our customers while they are online. As a parent, former Air Force prosecutor and civil litigator, and now in-house corporate counsel focused on Internet Safety, I am increasingly concerned by the proliferation of cybercrime and, in particular, online fraud such as phishing. My IE colleagues have invited me to share with you the news of...
Hi, I’m B. Ashok, the Product Unit Manager for Web Development Tools – we have our own team blog ( http://blogs.msdn.com/webdevtools ), but I wanted to post over here to discuss a change my team has made which has an effect on users of IE7+ in Windows Vista. Specifically, we are removing the DHTML Editing Control from the Windows Vista product.
The DHTML Editing Control shipped in Windows XP and Windows 2003 Server, in a file called dhtmled.ocx. This file contained two flavors of the control:...
This morning we released IE7 Beta 3 for Windows XP. This version includes improvements in reliability, compatibility, security, and a few end user features. Give it a try at http://www.microsoft.com/windows/ie/default.mspx .
Based on your feedback, we’ve made some changes to IE7. Beta 3 returns the email button to the toolbar customize dialog (one of the most requested features), and enables reordering of tabs by dragging them to the left or right. In this version you can also scroll horizontally...
We’ve noticed questions/comments/confusion about uninstalling IE7 so I wanted to highlight one of our FAQs and add a little more detail.
Uninstalling IE7 will leave you with a fully-functional IE6 and allow you to install the latest release, IE7 Beta 3 , which we recommend for all IE7 beta users so they benefit from the latest bug fixes and security updates.
To uninstall Internet Explorer 7 Beta 2, Beta 2 Preview, or Beta 1:
Click "Start", and then click "Control Panel"
Click "Add...
Hi everybody, Max here. I posted before about " A New Look for IE ” back when we released the beta 2 preview, and with the launch of beta 3, I wanted to take a moment to tell you about some of the new functionality we have added and changes we have made specifically related to your feedback.
First and foremost, let me thank everybody who has put the time and effort towards giving us feedback, whether it’s through our connect site , participating in our monthly online chats , talking with us at...
Hello, this is Kelly Ford, a test lead on the IE team and a big keyboard user of Internet Explorer.
In an earlier post, Aaron Sauve provided The Keyboard Lover’s Guide to IE . The IE community has given us quality feedback on our keyboard model during the beta cycle, and in beta 3, we have tried to bring more predictability and consistency with earlier IE versions in response to this feedback. In beta 3, we have made some changes in hotkey assignments, added some new hotkeys, and changed keyboard...
2006/7
If you plan to use Complex Scripts (like Arabic, Hebrew, Thai, etc), you should ensure that you have support for complex scripts installed. I know that sounds obvious, but we wanted to make sure people know how and why to do this. Let us examine this in detail using an international URL issue that Dean recently encountered while dogfooding IE7.
What is the issue?
Internet Explorer will sometimes display Right-to-left (RTL) languages such as Arabic or Hebrew, in the address bar in left-to-right...
It’s that time again! Members of the IE team will be online for an Expert Zone chat this coming Thursday, July 13th at 10:00AM PDT (5:00PM GMT). These chats are great opportunities to have your questions answered and hear from members of the IE product team. A transcript will be published after the chat and transcripts of other recent chats are available.
These chats are lots of fun and we hope you will join us for the chat if you can.
Cheers, Uche Enuha Program Manager
Edit: Added the hyperlink...
The IE team is proud to announce the availability of Arabic, Finnish, German and Japanese versions of IE7 Beta 3 in addition to the English versions we released a week and a half ago .
You can download IE7 Beta 3 from the following locations:
Arabic: http://www.microsoft.com/windows/ie/ar-xm/betadownload.mspx Finnish: http://www.microsoft.com/windows/ie/fi-fi/betadownload.mspx German: http://www.microsoft.com/windows/ie/de-de/betadownload.mspx Japanese: http://www.microsoft.com/japan/windows...
The transcript from the July 13 th chat is now available online . The response to Beta 3 has been great and people are overall happy with the recent improvements. There were a bunch of us and we enjoyed answering the stream of questions as they poured in.
You can find our chat schedule at http://www.microsoft.com/windowsxp/expertzone/chats/default.mspx . We typically hold the IE chats on the second Thursday of every month. Keep sending us your feedback and see you at the next chat!
Cheers,...
I am happy to announce the Beta 3 release of Internet Explorer Administration Kit 7 [IEAK 7]. IEAK 7 allows enterprises, ISPs, ICPs, OEMs to create custom packages of IE7 on XP or IE7+ on Windows Vista. If you are looking to provide your IE7 users with your own default set of preferences, toolbars etc, read on.
Some of the common customization scenarios for IE7 are:
Customize your users’ IE7 with related home pages, feeds, etc. Create a version of IE 7 that has these values and make it...
For nearly a year now, I’ve been following a cool social browsing addon called StumbleUpon . As of last week, the StumbleUpon addon is available for Internet Explorer, and is one of my favorite addons.
Here’s how it works: As you browse the web, whenever you come across a page that is particular interesting to you, you can click the “thumbs up” button in your toolbar. And if you don’t like a page, you can hit the “thumbs down” button. You don’t have to rate every page, just the ones you feel strongly...
In our previous post about IE’s Reset Internet Explorer Settings feature, we’ve discussed how incompatible browser extensions, add-ons, spyware or malware can cause compatibility issues such as application hangs in IE7.
In this post, we wanted to go into more detail about how to troubleshoot with Internet Explorer 7. So, how does one go about identifying the cause for toolbar or add-on program problems?
To identify if an incompatible browser add-on or extension is at the root of your troubles...
As we get close to the final availability of Internet Explorer 7, I want to provide an update on our distribution plans. To help our customers become more secure and up-to-date, we will distribute IE7 as a high-priority update via Automatic Updates (AU) shortly after the final version is released for Windows XP, planned for the fourth quarter of this year.
During the past year, we’ve discussed many of the advanced security features in IE7 that will help make our users more secure, including ActiveX...
Hello again!
If you are already using Internet Explorer 7 you might have noticed our tab settings. Perhaps you already changed one or more of them to better suit your browsing habits.
Whenever we create a setting, we always have many discussions about what its default should be, what it should be called, and where it should go. In some cases we have great information (such as usability studies, customer surveys, and instrumentation) to help guide us in our decision making. In other cases we...
Domain names are not limited to ASCII any longer, and as the web is growing more and more domain names now contain characters from other character sets. Such domain names are called Internationalized domain names (IDN), for example http://ايكيا.com is a domain in Arabic for IKEA. IE7 added support for IDN in Beta 2. We listened to your feedback during Beta 2 and we are changing the principles of IDN to accommodate the way customers want to use international characters on the web.
Preventing IDN...
2006/8
Are you developing on the Windows RSS Platform? If so, you may want to check out the post on some improvements on the RSS team blog. Most notably the RSS Platform is now API complete. This means that, barring any serious bug that we must fix, applications written against the Beta 3 API will run unmodified against the final RTM release of the platform. Check them out.
Walter VonKoch Program Manager
I had mentioned a while back that we planned to call the version of IE7 in Windows Vista “Internet Explorer 7+”. Well, the feedback we got on the blog was overwhelming – many of you didn’t like it. So, as we’ve said on our website , we heard you. I’m pleased to announce that we’re switching the name back to “Internet Explorer 7”. No plus. No dot x. Just “Internet Explorer 7”.
Specifically, here are the official full names:
For Windows XP: “Windows Internet Explorer 7 for Windows XP” ...
Here’s a quick reminder to tell you that members of the IE team will be online for an Expert Zone chat this coming Thursday, August 10th at 10:00AM PDT (5:00PM GMT). A transcript will be published after the chat. You can also browse through the transcripts of other recently held chats.
These chats are lots of fun and we hope you will join us for the chat if you can. See you all on Thursday!
Cheers, Uche Enuha Program Manager
The IE cumulative August 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 8 security issues: 5 remote code execution vulnerabilities, 2 information disclosure vulnerabilities and 1 elevation of privilege vulnerability. For more information on the contents of this update, please see:
Microsoft...
A presentation at Black Hat last week has sparked some discussion in the community. The presentation talks about the potential dangers of script in feeds. I posted on the RSS Team blog regarding the mitigations that are implemented in the IE7 Feed View and the Windows RSS Platform that specifically address potentially malicious scripts in feeds.
We welcome discussions about security and RSS which will ultimately benefit users. Keep the feedback coming!
Walter VonKoch Program Manager
My name is Mark Harris, and I am the Program Manager driving extensibility in IE7. With the creation of www.ieaddons.com we have a rich set of 3 rd party add-ons, and we are committed to improving this resource over time. Most users are familiar with toolbars, but many don’t realize the breadth of the add-ons available for Internet Explorer.
Personalize Your Ride
I rented a Harley-Davidson Sportster 1200C this past weekend (hold the mid-life crisis jokes). There are a huge number of accessories...
Hey all you ActiveX control owners out there, this is Sharon, PM owner of Manage Add-ons. Today I’m asking you to help us clean up the Manage Add-ons interface by digitally signing your controls.
Manage Add-ons (Tools à Manage Add-ons à Enable or Disable Add-ons) displays information about all of the controls on a user's system. It shows them the control name, publisher name and control status (enabled or disabled) among other things. Controls that are not properly signed become an eye-sore in...
I wanted to point out that many of the IE team members have their own blogs and frequently post there about IE topics. Some recent examples: Chris Wilson talks about CSS compliance, Jeff Davis writes about IE’s command line parsing as well as how ActiveX controls and popup blockers interact, and Justin Rogers blogs about implied tags in HTML. The RSS part of our team, of course, has their own team blog . More of our team members’ blogs are listed in the bottom of the right column of this page.
...
The Windows Live team released a new tool for editing and creating blogs yesterday called Windows Live Writer (WLW). I am using it right now to post this entry, and I am impressed. It supports WYSIWYG editing , saving drafts of my posts, inline photos, and -- can you believe it? -- support for multiple blogging engines: Live Spaces (of course), Blogger , and many others. Any blog site that supports the Really Simple Discoverability (RSD), Metaweblog API, or Movable Type API is supported out of the...
It’s clear from the comments that the participants and readers enjoyed our August 10 th chat. It was a pleasant surprise to not only get a ‘Great Job’ but also to get ‘xxxx’ (kisses) from one of the participants (to find out the exact quote, check out the transcript and Ctrl+F ‘xxxx’). I never expected to connect in this way with a customer but hey, I love surprises. Please feel free to come to the next chat (the schedule is available at: http://www.microsoft.com/windowsxp/expertzone/chats/default...
We are currently locking down IE7 for shipping and I wanted to give an update on the CSS work that went into IE7. Chris originally outlined our plans for IE7, and we listened to a lot of feedback ( blog , connect database , conferences , our WASP partnership etc.) to help us address the most grievous bugs and prioritize which features to put in for IE7. I like to thank especially the contributors on this blog for their participation. Your feedback made a difference in deciding what issues to address...
You may have read reports of a new, irresponsibly disclosed vulnerability that affects IE 6.0 SP1. We are aware of this issue and are actively working on an update that addresses the problem, which was introduced with our last security update (MS06-042). This issue only impacts customers running IE 6.0 SP1; customers running Windows XP SP2, Server 2003 SP1, IE 5.01 on Windows 2000, or any of the IE7 betas including Windows Vista are not affected. As far as we know, there are no active exploits at...
This morning we released our first public release candidate, IE7 RC1, for Windows XP. You can download it at http://www.microsoft.com/ie .
The RC1 build includes improvements in performance, stability, security, and application compatibility. You may not notice many visible changes from the Beta 3 release ; all we did was listen to your feedback, fix bugs that you reported, and make final adjustments to our CSS support. I do want to call attention to two changes in particular.
First, IE7 RC1...
Hi everyone,
I’d like to point out a few changes we made to the installation process for the Release Candidate that we think you’ll like.
Installation of the Release Candidate will automatically remove any previous version of IE7.
If installation detects a previous version of IE7, it begins uninstall for you so you don’t have to dig through ‘Add/Remove Programs’. After uninstall completes and the machine restarts, installation begins automatically and reboots the machine immediately when...
This morning we re-released our August security update (MS06-042) for IE 6.0 SP1. This update is available through all of our normal release channels including Windows Update , Automatic Update, Download Center and our deployment tools such as WSUS.
As I mentioned Tuesday , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users. This re-release fixes that vulnerability. We recommend all IE 6.0 SP1 customers install the update immediately. Users running Windows...
My name is Seth McLaughlin and I have been working as a Program Manager intern on the User Experience team for the past few months. The summer is coming to an end and I will soon be returning to school at the Rochester Institute of Technology. Before I go, I wanted to let you know about a new resource that’s available for all of you keyboard lovers out there.
There are many great shortcuts in IE7 - two of my favorites are CTRL+E to quickly access the Search box and ALT+D to select the Address...
Hi, Travis here, a program manager for Trident/OM. In Beta3, you may have noticed that modal or modeless dialogs created from script seem to be slightly bigger than their IE6 counterparts. This is due to a recent change to bring the behavior of these dialogs closer to their window.open cousins. In essence, we want to free developers from worrying about how much content size they are going to get when they request a modal or modeless dialog (from IE7 and onward). Note: our definition of content size...
Hi there, it’s Max again, and with the availability of our first release candidate (RC1) build of IE7, I wanted to explain a new feature some of you might have seen when installing and running RC1. As an overall goal for IE we want to build the most stable and reliable browser that we can. We know that we sometimes make mistakes that cause crashes or hangs, but we actively try to find and fix the cause for as many as possible. Tools such as Windows Error Reporting help us a lot here, and we encourage...
Hello again, this is Peter Gurevich, Performance PM (among other things) for IE7. We have heard a lot of requests to improve our Jscript engine, especially now that AJAX sites are becoming more prevalent on the web. I want you all to know that we have been listening and have recently made some great fixes to our engine to improve the garbage collection routine and to reduce unbounded memory growth. You should see noticeable improvements on AJAX sites in the Release Candidate we shipped last week...
I’ve been getting questions from folks lately who are wondering what will happen to IE6 (SP1) when IE7 ships. “Will Microsoft continue to provide security updates for IE6 after IE7 ships?” “Will customers have to migrate to IE7 by some point in time?”
The answer is simple: IE6SP1’s support policy will not change when IE7 ships. Everywhere that IE6SP1 is supported today, IE6SP1 will continue to be supported until the OS it ships with expires. Are you running IE6SP1 on Windows 2000 SP4? You will...
Hello again, this is Peter Gurevich, IE PM for ClearType (among other things, as my blog posts have shown). Today I want to give you a little heads up on an issue we have seen with DXTransforms and ClearType, and let you know what we have done to ensure good readability of text in IE.
During our testing we noticed that DXTransforms are sometimes applied to elements that contain text (now rendered in ClearType). As our users also noticed, the ClearType text then looks extremely blurry - unfortunately...
Last time I posted about search I talked about our new extensibility mechanisms: window.external.AddSearchProvider, and Search Discovery . Today I’d like to talk about enhancements we made since that post, and point you to a tool that you can use to create your own custom providers.
To recap the last post: In Beta 2, window.external.AddSearchProvider gave website authors the ability to put a link on their page to prompt users to add a new search provider. We locked this call down using logic similar...
2006/9
We've just completed a redesign and refresh of the IE Developer Center on MSDN. The goal is to make it easier to find IE related developer content and even includes an updated photo of me with the neon blue 'e' behind me that you can find in the lobby of our building on the Redmond campus!
We've worked to make some of the essential links such as reference material easier to find and we will be promoting different content on the front page regularly making it well worth visiting on a regular basis...
As a scripting junkie at heart, I set out to write an extension in script for IE7: inline search – searching the document for text while I type. Before you get too excited, this does not replace the Find functionality in IE7. It’s just me getting excited about scripting.
After investigating the different places I could extend IE with script, I decided to implement inline search as a context menu . All I had to do was create an HTML or JavaScript file with my script in it and add keys to the registry...
Just wanted to remind everyone that the IE team will be having our Expert Zone chat on Thursday September 14 th at 10.00AM PDT (5.00PM GMT). We’ll also post the transcript shortly after the chat for those of you who can’t make it.
Cheers,
Uche Enuha Program Manager
One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle (SDL) has changed the way that Microsoft builds products. I talked about how we’re reducing attack surface with features like ActiveX opt-in, improving code quality and building-in Defense in Depth with Protected Mode . I didn’t get a chance to cover the new RSS feed support but I think the RSS team’s work is a great example for anyone building a new client to handle RSS feeds and a case study in...
This morning we re-released three versions of our August 2006 cumulative security update (MS06-042). As I had written about before , the original release of MS06-042 introduced a new security vulnerability for IE 6.0 SP1 users which we addressed in a subsequent re-release. However, with the increased scrutiny this release received, a security researcher responsibly disclosed to us that a similar vulnerability was also discovered in IE5.01 on Windows 2000, IE 6.0 SP1 (in a different location), and...
While working on IE7 application compatibility, we’ve seen many cases of interesting and strange invalid file URIs. I believe a substantial amount of responsibility for the confusion over file URIs lies with the deprecated urlmon.dll function CreateURLMoniker. This function is used by Windows application developers mainly to convert a string URI into an object that can be used to obtain the data represented by the URI. CreateURLMoniker does a couple of horrible things to file URIs that if misused...
Greetings! I’m Raghava Kashyapa, Program Manager for the Microsoft Phishing Filter technology in IE7. As you might already know - it is important to use the latest versions of IE7 to get the benefits of all the changes we have made over the past year since the release of the first public beta.
We made improvements to the client based on feedback and want to ensure users use these new and improved builds of the browser. The impact of these improvements means that older IE7 beta versions prior to...
A researcher posted a vulnerability against IE6 yesterday that uses random input to create a heap overflow in a Direct Animation object. Our team is testing a security update right now to fix this overflow, but in the meantime you can keep your systems safe from this vulnerability by disabling ActiveX controls in the internet zone. If you’re a desktop administrator responsible for a set of desktops, you can publish a more tactical fix by disabling the control. If you have the ability to set registry...
This is just a follow up to my recent post about dialog sizing in IE7 . Based on your feedback regarding the minimum dialog height restrictions, my team re-evaluated our position and changed the minimum height from 150 to 100 pixels. We think this change:
Reduces application compatibility issues where dialogs were coded to the IE6 minimum height
Is more consistent with other browsers’ minimum height providing more consistency for content developers
Again, we appreciate your constructive...
In April 2005, we blogged about the new Internet Explorer 7 User Agent string sent to websites by the browser to identify itself. Since our original blog posting, we have also posted two new articles on the topic to MSDN: Understanding User-Agent Strings , and Best Practices for detecting the Internet Explorer version . A quick recap: On Windows XP SP2, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) On Windows 2003 Server, IE7 will send the following...
Hey all,
Here’s the link to the transcript for the September Expert chat: http://www.microsoft.com/windowsxp/expertzone/chats/transcripts/06_0914_ez_ie.mspx .
We will be holding another chat in November for those of you who couldn’t make this one. Information about our upcoming chats can be found at: http://www.microsoft.com/windowsxp/expertzone/chats/default.mspx
Cheers,
Uche Enuha Program Manager
Add-ons for the IE platform are more than just toolbars, custom browsers and find-on-page add-ons . The edges of what you can do with the platform are virtually unlimited.
Earlier this year at Mix06 , Greg Reinacker and Walter VonKoch demo’d a tool for synchronizing the RSS platform state with your NewsGator online account. On Monday, Nick Harris (no relation) at NewsGator announced that the tool, renamed “NewsGator Desktop Sync” is available for general beta. From his post:
“Desktop Sync...
As we’ve worked on the new Phishing Filter in IE7, we knew the key measure would be how effective it is in protecting customers. In addition to our internal tests, we wanted to find some external measure of our progress to date as well as pointing to ways we could improve. We didn’t know of a publicly available study covering the area, only some internal and media product reviews. (We’ve blogged a few times about the new Phishing Filter in IE7; in addition to these technical details we published...
Hi folks, my name is Geoff and I am a Program Manager with the IE team focusing on security updates. On Tuesday, Windows released a security update for a vulnerability in the Windows component VML (vector markup language) that can result in remote code execution running on an affected system. Although this is not an IE vulnerability, we feel it is important to mention here, as IE can be used as an attack vector for the exploit. The VML team and MSRC have investigated the issue, produced a fix, and...
2006/10
To help you prepare for the IE7 release we’ve updated many of our tech articles on MSDN including those on Protected Mode , ActiveX Security and CSS Compatibility . You’ll find more sample code, more examples, and best practices for scenarios that you’ve brought to us this year.
As an example, Protected mode changes the way IE opens because it needs to create both low and medium integrity processes, IExplore.exe at low and IEUser.exe at medium. If your application opens and closes IE, you’ll want...
The final release of IE7 is fast approaching … and I mean really fast … and will be delivered to customers via Automatic Updates a few weeks after it’s available for download. We want to ensure that you are ready and the information below will help get you there.
Compatibility with sites, extensions and applications has been a very high priority for us as we develop new features, enhance the existing features and move the platform forward to be more secure and standards compliant. We are continually...
We wanted to give you guys one last chat session before we ship IE. So if you can, you should join us for the chat this Thursday, October 12 th at 10.00AM PDT (5.00GMT) otherwise you can catch all the action in the transcript.
Cheers,
Uche Enuha Program Manager
A few people have asked why we recommend temporarily disabling anti-virus or anti-spyware applications (which I’ll refer to together as anti-malware) prior to installing IE7, so here’s a little insight to the situation.
Along with copying IE7 files to your system, IE7’s setup writes a large number of registry keys. A common way anti-malware applications protect your computer is by preventing writes to certain registry keys used by IE. Any registry key write that fails during setup will cause setup...
Hey all,
The transcript for the October Expert chat is now available. Many thanks to all who attended our final chat for IE7. We intend to keep this going after IE7 ships so stay tuned :)
Cheers,
Uche Enuha Program Manager
In addition to the more prominent work we’ve done to enable international scenarios (like adding support for International Domain Names ), Internet Explorer 7 updates the available values for the Accept-Language header. Accept-Language is an HTTP header sent to the server by the browser to indicate the user’s language and locale.
As an example, the Accept-Language header sent by the browser of a native French speaker in France and fluent in German might be:
Accept-Language: fr-FR,de-DE;q=0...
We’ve been talking for a long time about making sure IE7 is as secure as possible but still compatible with the Internet. The principle that helps us balance security and compatibility is to not impact existing websites unless we need to change IE to help protect end users. As we asked web developers and server administrators to make changes, they spoke frankly with us about what they could and what they couldn’t change. Today, we’ll look at a couple timely examples of how this principle played out...
Today we released Internet Explorer 7 for Windows XP. I encourage everyone to download the final version from http://www.microsoft.com/ie .
We listened carefully to feedback from many sources (including this blog) and worked hard to deliver a safer browser that makes everyday tasks easier. When I first posted publicly about IE7 , I wrote that we would go further to defend users from phishing and malicious software. The Phishing Filter and the architectural work in IE7 around networking and ActiveX...
Hello, my name is Kellie, I am a Lead Program Manager on the IE Team. First and foremost, the IE team would like to thank everyone in the community who contributed feedback to the IE7 release. You guys rock! This release was the first time we used the Microsoft Connect site to collect feedback for the public beta. We learned a lot of lessons from this feedback program, and we intend to make it better next time around. We received an overwhelming response from you and your efforts provided great ideas...
Now that we’ve released IE7 in English, I want to update everyone on our plans for other languages. The short version is that we will be releasing IE7 in all languages available for each version of Windows – twenty-four fully localized languages in total. In two to three weeks, we’ll ship the Arabic, Finnish, French, German, Japanese, and Spanish language versions. The remaining languages will be released in phases between November and January. I’ve listed the set of fully localized languages by...
Now that IE7 has released, I want to remind everyone about the plan we announced back in July to distribute IE7 via Automatic Updates (AU) and point you to the readiness materials we’ve created.
To help you become more secure and up-to-date, we will distribute IE7 via Automatic Updates as a high-priority update. We will start very soon with those of you who are already running IE7 pre-releases and then move onto IE6 users after a few weeks. We will progressively roll out to all IE6 users over...
You may recall when Seth originally introduced our Quick Reference Sheet for IE7 in an earlier post . Since then we’ve made a few additions and posted it to the main IE7 site on Microsoft.com .
The Quick Reference Sheet pulls together some really useful keyboard and mouse shortcuts that will help you get the most out of your browsing experience, so check out the printer friendly PDF version , print yourself a copy, and keep browsing!
Aaron Sauve Program Manager
Last week Channel 9 , with camera in tow, paid a visit to the IE Team. In the first video I talk far too long at the start before we walk the hallways and meet a few members of the team. In the second video we chat with Max Stevens on user experience. The third video is with the RSS team where we discuss the new RSS support in IE7. In the final video we meet Eric Lawrence and Katya Sedova and discuss networking. As you can tell from the videos we had a lot of fun doing them and hope to have the Channel...
Some people are discussing a recently announced security vulnerability that they claim is found in Internet Explorer 7 on Windows XP SP2 systems.
While it is true that a vulnerability exists, the vulnerability is not actually in any components of IE7, although the attack vector makes it appear that way. Our friends at the MSRC have the issue under investigation and have posted a blog entry with more details on which component is affected and what you should do about it. If you’re curious about...
With your freshly installed Internet Explorer 7, take time to explore our library of add-ons. The IE Add-Ons website has over 400 add-ons registered to date, and many more are on the way. The IE7 team took the last few weeks (in between last minute bug fixes) to collect our must-have list below. All of the add-ons in our list are free to download, integrate well with IE7, and provide extraordinary functionality.
Stay Safe and Secure: Windows Defender is a must-have for anyone concerned about spyware...
Hey! I’m Pete LePage, one of the Product Managers for IE and I’ve been around Microsoft for some time now. One of my favorite things about Internet Explorer is how easy it is to customize with add-ons. Earlier today, Jeremy posted about some of the cool add-ons recommended by the IE Team. Personally, I’m a bit of a developer at heart, so I’m more interested in creating my own add-ons to really customize my experience. Sure it’s a bit more work, but it’s cool to know I can make IE work exactly how...
One of the best parts of IE7 is actually yet to come. High Assurance SSL certificates, now known as Extended Validation certificates are a critical part of our strategy to help customers avoid online fraud like phishing scams
We’ve been hard at work with the other browsers and certification authorities on a set of common guidelines to identify a legitimate business and issue it an extended validation certificate. While we’re finishing up the guidelines for Extended Validation, some key members...
Hi, my name is Jane Maliouta and I am a Program Manager on the IE Team working on the Windows Search Guide .
Throughout the development cycle, we've blogged about Search in IE7 . The Windows Search Guide is part of Instant Search, a new feature in IE7. The search guide page displays search providers that users can select to customize the list in the Instant Search drop down. The providers displayed in the Windows Search Guide are the most popular for each region based on 3rd party website traffic...
Just in case you missed it somehow, we released IE7 last Wednesday . In the first four days over three million of you have already downloaded the final release. Thank you! (If you’re not one of those three million, you can get it here .)
We expect the numbers to continue to climb steadily until we start distributing via Automatic Updates in a few weeks. Clearly, we expect IE7 adoption to really take off then. If you haven’t tested your website with IE7 yet, please use the tools Scott posted about...
Some of you may have noticed the following goldbar on some websites: Our friend Adam on the XML team recently posted on the XML Team’s Blog about MSXML versioning. It’s a great read and thoroughly explains the best practices for using MSXML. As we’ve posted previously , MSXML5 is not pre-approved as there are better options such as MSXML6 and IE’s native XMLHTTP control which you can use on your webpage. Users will need to approve MSXML5 before it can be used on your webpage.
Please help us give...
2006/11
We have released Internet Explorer 7 for Windows XP in five new languages: German, Japanese, French, Spanish, and Finnish. You can download these today from the IE website .
As with the English version, we’re making the localized downloads available a few weeks ahead of distribution via Automatic Updates . German, French, Spanish and Finnish users should be prepared for AU distribution by mid-November. Japanese AU distribution will begin this spring.
We will release additional languages as...
I previously blogged about the availability of the Application Compatibility Toolkit 5.0, a tool that can help you find potential compatibility issues, particularly for corporate IE departments.
Since distribution of the beta download ended in October, I am excited to announce that the release candidate of ACT 5.0 is now available to download and can be used on XPSP2 with IE7 to help you find compatibility issues. You can find more about ACT 5.0 by visiting here . In addition to ACT 5.0, the IE7...
Since we announced the release of IE7, we’ve noticed many questions and discussion about how well the program works with various screen readers and screen enlargers on the net. We wanted to provide the latest information we have from the various manufacturers of these products and answer some concerns around automatic updates.
IE7 and Automatic Updates
As we announced earlier , IE7 is now being distributed via automatic updates.That said, no matter what setting a user has for automatic updates...
Hi, I’m Kelvin Yiu, a program manager with the Windows Crypto team, and I’m very excited to be posting today on the IE blog, announcing plans to make Extended Validation (EV) SSL Certificates available in January 2007.
For over a year, we’ve been working on shaping the form of the next generation SSL (Secure Socket Layer) Certificates, so that they not only provide encryption but also a standard for identity on the Internet. For that purpose we teamed up with many Certification Authorities (CAs...
As you may have seen on the Windows Vista blog , we released Windows Vista to manufacturing today! Wahoo!!!
IE7 in Windows Vista is mostly the same as the IE7 for XP we released a few weeks ago (in fact, we have a single code base for both.) There are a few additional benefits in IE7 in Windows Vista that take advantage of some of the improvements in the new OS, the biggest of which is Protected Mode which allows IE to run at lower than user privilege, thereby providing an additional layer of...
We have received a bunch of questions about the Automatic Updates (AU) distribution process for IE7 and the worldwide rollout over AU. Here are some facts that hope will answer some of those questions.
Prior to starting general AU distribution to IE6 users, IE7 was available via the IE site for several weeks. This brought IE7 to a wider range of users than the beta and enabled us to watch for any issues. The initial rollout went well and we continue to monitor customer feedback through many channels...
We want you to know that some IE7 and Windows Vista users will need today’s security update for MSXML even though by default Windows XP and Windows Vista are not affected.
Many applications install and use versions 4 and the original version 6 of the control as a part of the XML Core Services. The most common versions of MSXML don’t require any update such as MSXML3 and the version of MSXML6 installed with Windows Vista.
Rob Franco Lead Program Manager
As an engineer, I’m proud of the protections we delivered by finishing IE7 but I want to set your expectations that we didn’t and, never will, reach perfection. There have been a few posts on ways to steal data or spoof URLs in IE7 but they really don’t detract from a very simple truth: IE7 will be more secure than IE6 was and frankly, comparisons to other browsers are still too early to be objective.
I want to talk about the “big picture” of how I will judge the progress we made in IE7 and how...
Some of you may have seen stories comparing IE7’s anti-phishing accuracy with our competitors, citing different studies than the one I blogged about earlier that showed IE7’s Phishing Filter had the best overall accuracy. Paul Robichaux, from 3Sharp (the company that ran the study I cited), provides his initial take on this other study here .
Tony Chor Group Program Manager
The IE cumulative November 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update and I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 2 security issues: 2 remote code execution vulnerabilities. For more information on the contents of this update, please see:
Microsoft Knowledge Base article: MS06-067 – Cumulative Security Update for Internet Explorer...
Hello again, this is Peter Gurevich, Performance PM for IE. We have gotten a lot of good feedback from our first post on IE + JavaScript Performance Recommendations so I am eager to hear what you think of our second installment. This is the first of two posts concerning inefficiencies in Javascript code itself.
JScript Code Inefficiencies – Chapter One
There are plenty of ways to use JScript (and other Javascript engines) inefficiently since the interpreter performs almost zero optimizations...
Congratulations Adobe Flash team on shipping the Flash Player 9 update on Tuesday!
This Flash update serves as a model implementation for how browser extensions can work with Protected Mode to keep users safe.
As most of you already know, on Windows Vista, IE7 includes a special feature called Protected Mode where the IE process runs with low privileges. This helps IE significantly reduce the ability of an attack to write, alter or destroy data on the user's machine or to install malicious...
Many of you have asked how to run IE6 and IE7 in a side by side environment. As Chris Wilson blogged about early this year, it’s unfortunately not so easy to do. There are workarounds, but they are unsupported and don’t necessarily work the same way as IE6 or IE7 would work when installed properly. As Chris said, the best way to use multiple versions of IE on one machine is via virtualization. Microsoft has recently made Virtual PC 2004 a free download; we’ve taken advantage of that by releasing...
2006/12
We released three additional language versions of Windows Internet Explorer 7 – Chinese Simplified, Chinese Traditional and Hebrew. This adds to the list of previously released language versions in Arabic, Finnish, French, German, Brazilian Portuguese, Japanese, Italian, Russian, Dutch, Korean and Spanish. Download language versions of Windows Internet Explorer 7 here .
More language versions of Internet Explorer 7 will be available over the next few months.
Mary Hoffman Program Manager
Invalid file URIs are among the most common illegal URIs that we were forced to accommodate in IE7. As I mentioned in a previous blog post there is much confusion over how to handle file URIs. The standard for the file scheme doesn’t give specific instructions on how to convert a file system path for a specific operating system into a file URI. While the standard defines the syntax of the file scheme, it leaves the conversion from file system path to file URI up to the implementers. In this post...
The IE cumulative December 2006 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 4 security issues: 2 remote code execution vulnerabilities and 2 information disclosure vulnerabilities. For more information on the contents of this update, please see:
Microsoft Security Bulletin: http://www.microsoft...
I’m happy to note that Google and Web.de have recently released customized versions of IE7. These versions have been tailored by the two companies to provide the best experience with IE7 for their users. Like Yahoo! , USAToday.com , and others, they used the Internet Explorer Administration Kit (IEAK) to create these versions; this toolkit is available to all developers who want to create their own versions of IE as well as for corporations to help with configuration and deployment.
You can download...
I’m Markellos Diorinos, and I am a product manager with the Internet Explorer team. Yesterday I read a story in the Wall St. Journal about how some small businesses, such as the featured Aunt Joy, will receive a lump of coal this Christmas, as they are unable to get the new EV SSL Certificates. Kelvin and Rob have previously discussed EV Certificates, but I wanted to share some of my thoughts with you.
Just like regular SSL certificates, EV SSL certificates will only be used when sensitive information...
On behalf of the IE team, I want to thank you all for a super 2006! This was a busy year for us culminating in the release of IE7 and Windows Vista. The IE Blog has been a busy place too; we made 184 posts and received 11,729 comments so far this year! We really appreciate your help in making IE7 better and the blog a rich and interesting community. We look forward to a fun and productive 2007 with you.
Happy Holidays!
Tony Chor Group Program Manager
2007/1
Hello again, this is Peter Gurevich, Performance PM for IE. We have gotten a lot of good feedback from our first posts on IE + JavaScript Performance Recommendations Part 1 and Part 2 , so I am eager to hear what you think of our third installment.
JScript Code Inefficiencies – Chapter 2
Here we’ll be concentrating on specific inefficiencies related to closures and object oriented programming.
Avoid Closures if Possible
Closures (functions that refer to free variables in their lexical...
Before shipping IE7, we had regular “expert chats” where we provided you with an opportunity to ask questions and get more information about IE7 and its many features. Now that we’ve shipped, we’re going to start bringing back regular events for web developers and web designers. Every Thursday at 10am PST, we will be running either a web cast or web chat of some kind. The topics will range from CSS to RSS to HTML to add-on development, anything that you might find interesting. In fact, if you have...
Hi folks, this is Geoff again, IE Program Manager focused on security updates. A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security...
We’re happy to announce the availability of a new beta of the IE Developer Toolbar . Along with all the features available previously this release contains some new features to improve the usability and help web designers troubleshoot issues on their pages. User Interface Update . You’ll notice some changes to the user interface. There is now a single button on the IE command bar that allows the user to quickly toggle on and off the bottom panel which then gives easy access to all the features. After...
I’m pleased to report that on January 8th, we had the 100 millionth IE7 installation. However, even more important than installations is usage. According to WebSideStory (the company we use to measure browser usage), as of this week, over 25% of all visitors to websites in the US were using IE7, making IE7 the second most used browser after IE6. We expect these numbers to continue to rise as we complete our final localized versions, scale up AU distribution, and with the consumer availability of...
Hello everyone,
I blogged earlier about the work we have done in IE7 for IT Pros. For those of you who are interested in greater detail, I would like to point you to the recent article published in Technet magazine, titled Utility Spotlight: Internet Explorer Administration Kit . This article is available in 11 languages: English, French, German, Spanish, Italian, Russian, Korean, Japanese, Brazilian Portuguese, Simplified Chinese, and Traditional Chinese.
We are also in the process of writing...
One of the things I really like about my job is getting out to conferences and events where I can meet you guys. It’s a great opportunity to get feedback from you, and to learn more about our developers and users. It’s also a great opportunity for you to get to know the IE Team. We’re really not a bunch of faceless developers, testers and PM’s.
In the past, we haven’t announced what conferences and events we were attending, it was always kind of a surprise, but we are going to try and improve...
Over the summer, our interns Chrix Finne and Nate Furtwangler developed an IE add-on, Feeds Plus , that aggregates feeds and displays pop-up notifications to enhance your IE7 feed reading experience. Chrix posted on the RSS Team Blog about the details of Feeds Plus (and a little about his intern experience).
Enjoy!
Sean Lyndersay Lead Program Manager, RSS
Hi Everyone!
I’d like to introduce myself. I’m Molly E. Holzschlag , and I’m excited to announce that I’ve signed on with the Internet Explorer team on a contract basis to work on standards and interoperability issues. Many readers of the IEBlog will be familiar with the Web Standards Project (WaSP). As the departing Group Lead for WaSP and as an invited expert to the W3C, my work has in the past focused on the creation and evangelism of Web standards. In an effort to develop proactive, cooperative...
This update addresses an issue experienced by some users where CPU usage is high when they are navigating a page that contains multiple frames or when multiple frames are navigated simultaneously. This occurs when the phishing filter evaluates the page for each navigation, resulting in multiple simultaneous evaluations for the same page.
If you have experienced any such performance issues, you are encouraged to download and install this update.
This update is now available on Windows Update...
2007/2
Back in November, we announced our intention to bring Extended Validation SSL Certificates to IE7 . This week at RSA we’ve announced that IE7’s EV SSL support is now live! Many Certification Authorities (CAs), including VeriSign, CyberTrust, Entrust and GoDaddy, are already issuing EV SSL Certificates. We are already seeing businesses such as eBay , PayPal , Charles Schwab , Overstock.com , French Soaps and Stardock ) beginning to use EV to offer verified identity information to their users. I recently...
We’ve refreshed the look of the IE Add-ons site and integrated the site with Windows Marketplace . You can go there directly at ieaddons.com or from within IE7 (choose Tools->Manage Add-ons->Find More Add-ons.) While you’re there, take a look at my favorite IE7 add-on, the NewsGator Desktop Synchronizer , which keeps the IE7 RSS feed list in sync with the NewsGator Online list. This lets me keep the same RSS feeds on my work and home computers as well as giving me a web UI to read feeds.
...
Introduction
New to IE7 is more reliable and standards-compliant support for international mailto URIs. This post will describe how users, application developers, and web developers can use this new feature of IE7.
The following is a simple example of a mailto URI which, when clicked, will launch your default email client to send a new message:
mailto:name@example.com
In IE6, mailto URIs containing characters not found in your system codepage may or may not appear in your mail client...
Recently, I received an interesting customer question I thought I would share.
A web developer presented me with the following scenario: his web application lets users create and manage a list of items, and this list is exposed as a feed so users can be updated when it changes. However, after the user deletes an item using the web application, that item is still present in the feed view of the RSS aggregator. Since the feed is supposed to correctly reflect the state of the user’s item list, this...
The IE cumulative February 2007 security update is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already.
This update addresses 3 security issues – all three are remote code execution vulnerabilities. For more information on the contents of this update, please see:
Microsoft Security Bulletin MS07-016
Microsoft Knowledge Base article 928090...
It’s always good practice when developing web pages to test them in browsers with default settings as it is most likely that your users will have default settings when using their browsers. One thing that we’ve seen catch a couple of people out with IE is that the default settings can be a little different depending on the security zone the page is running in.
Many of you will be familiar with the different security zones in Internet Explorer with the internet and intranet zones being two that...
One of the benefits of creating a new URI parsing API for IE7 was that we were able to more easily add support for IPv6 addresses in URIs throughout IE7. This blog post will describe the use of IPv6 URIs in IE7.
IPv6 Syntax
One of the advantages of IPv6 over IPv4 is that IPv6 addresses are four times longer than IPv4 addresses (128 bits vs. 32 bits) allowing for about 3.402 * 10 38 unique IPv6 addresses. Due to the longer length, a new and more compact textual representation is used for IPv6...
I can’t believe it’s already been almost a year since MIX06 , and the countdown for MIX07 has started. With 63 days until MIX07 starts, and the early bird discount still available, now is the time to register !
While the list of sessions is still being finalized, the IE team is going to be there in force again this year. We’ve already announced a few IE specific sessions, including “IE7 Past, Present and Future”, “Making Money with RSS”, and “Thinking in CSS: How to Build Great Looking Sites with...
2007/3
One thing I like to do when I set up my machine is customize the location of my personal stuff like photos, documents, pictures, and favorites to a different drive in order to preserve my files during the onslaught of dual booting, upgrading the OS etc. which I often perform as a tester on IE.
For the sake of relevance and simplicity, I am going to limit this discussion to only Favorites and not all of the shell folders.
What used to be an undesirable hack in XP is now a fully supported feature...
I posted a short FAQ on troubleshooting Favicons in IE7 on my blog . The post has been fairly popular since the initial posting, and these questions come up a lot, so we thought we’d bring it to the attention of the larger IE community. If you have further questions, I will be happy to answer them.
–Jeff Davis, SDE
Hi, I’m B. Ashok, the Product Unit Manager for Web Development Tools . As mentioned in my earlier post last summer, we have removed the DHTML Editing Control from Windows Vista as part of making the operating system more secure.
One application that used the DHTML Editing Control in the past was OWA (Outlook Web Access). We have issued a required update to both Exchange 2000 and 2003 that enables OWA support for IE7 in Windows Vista. However if your server does not have this update applied, you...
I would like to announce that Microsoft released Windows Server 2003 Service Pack 2 . This service pack contains a roll-up of all IE6 fixes to date. It will not upgrade IE6 users to IE7. For more information about other changes in the release please refer to the "Evaluate and Plan" section of the Windows Server 2003 SP2 download page .
IE7 users can upgrade directly to Windows Server 2003 SP2 without uninstalling IE7 first. There has been some confusion around this point. We are in the process...
Just after we released IE7, we announced a contest for developers. Create and submit an add-on to www.IEAddOns.com and the best add-on would win a trip for two to MIX07. Entries needed to be submitted to www.IEAddOns.com between November 1, 2006 and February 9, 2007, had to be either a completely new add-on or an enhanced version of an existing add-on. We recruited members of the Internet Explorer product team to install and review the add-ons. With over 400 entries, it was a difficult decision to...
In my original blog post about releasing the IE6 Virtual PC Image, we mentioned that it would expire on April 1st, 2007 (no, it wasn’t an April Fool’s joke), and that we’d be releasing a new VPC image to replace it sometime in March. Well, I’m happy to report that I propped the new VHD up on Monday morning. You can download the image here . Take note that a free download of Virtual PC 2007 is now available, replacing VPC2004.
I didn’t make any major changes to the image other than adding the latest...
Hi, my name is Mike Chan, and I’m a product manager for Internet Explorer focused on businesses. This week, we released two documents to help businesses get IE7 deployed. The first document explains the business value of upgrading to Internet Explorer 7 for Windows XP and can help you convince your management to deploy the latest version of IE. The second document provides detailed guidance on how to get moving on that deployment.
The IE7 Technology Overview for Businesses describes how improvements...
Jeremy Dallman here with some important information from the MSXML team to the IE development community. The XML Team’s Blog has recently announced that they will be issuing a kill-bit for MSXML4 at the end of 2007 (October-December timeframe). Please read through the below post copied from the XML Team’s Blog and start validating your applications against MSXML6.
They have provided an email address to field your questions or concerns. Please don’t hesitate to contact them with your feedback....
We’ve noticed a few blog posts asking why IE7 in Windows Vista displays a prompt to launch Notepad. You can see this prompt by right clicking on a webpage and selecting View Source. I want to explain why the prompt is displayed and also tell you how to turn it off.
As you probably already know from previous blog entries , Windows Vista includes an IE security feature called Protected Mode. Protected Mode runs the IE process with lower privileges and also helps protect against malicious webpages...
2007/4
Hey everybody! Molly Holzschlag here. As some folks might be aware, I’ve been visiting Microsoft, refining our work goals in relation to standards, and meeting some really great people in the process. One thing that’s really got me excited is how many people from around the company reached out to me with great enthusiasm regarding product evolution in relation to Web standards and interoperability. This did come as a surprise, frankly, I was confident that the IE team is more than interested in doing...
Hi, my name is Sharath Udupa and I’m a developer on the IE team. Many customers have asked us about when Protected Mode feature is turned on or off for Internet Explorer in Windows Vista.The Protected Mode feature is available only in Windows Vista. By default, Protected Mode is enabled for Internet, Intranet and Restricted zones while disabled for the Trusted Sites and Local Machine zone.
To enable or disable Protected Mode for a zone go to: Internet Options > Security tab > Select the...
Hello! Just wanted to give you a quick update that we’ve dropped two new VPC images that you can use with the free copy of Virtual PC 2007 .
The first is a refresh of the Windows XP SP2 + IE6 image . A few people were encountering a non-genuine Windows warning from the Windows Genuine Advantage (WGA) Notification Tool. We did not install the WGA Notification tool on the image this time around. As we’ve mentioned in previous blog posts , these images have had their product keys deactivated, thus...
MIX07 is coming up in a week and a half and I wanted to provide an overview of the IE activities at the show. As most of you know, MIX is Microsoft’s conference for Web designers, developers and decision-makers who live and work on the consumer Web.
Last year at MIX06, Microsoft placed a lot of emphasis on Internet Explorer 7, showing off improvements in the rendering engine, the new RSS platform, and the new security features like Protected Mode and ActiveX opt-in. Internet Explorer 7 has now...
The IE blog will be offline for scheduled maintenance beginning at 11:00 AM PST. We don’t anticipate this taking long at all. Thanks for visiting us!
Kristen Kibble Program Manager
Update: maintenance complete
You may have encountered a warning similar to the following when browsing web sites with IE7:
This website wants to run the following add-on: ‘MSXML 5.0’ from ‘Microsoft Corporation’. If you trust this website and the add-on and want to allow it to run, click here…
The same warning may appear for some other common add-ons:
This website wants to run the following add-on: ‘QuickTime’ from ‘Apple Computer, Inc.’.
This website wants to run the following add-on: ‘Windows Media 6.4 Player...
2007/5
Good morning everyone, I am pleased to announce that the IE Cumulative Security Update for May 2007 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses 6 remote code execution vulnerabilities. For detailed information on the contents of this update...
At PDC in 2005, we announced the Internet Explorer Developer Toolbar and made the first build available shortly after. Since then, we’ve released two additional betas; thanks to your testing and feedback, we’ve improved the quality and added new functionality like formatted source viewing and CSS selector matching.
Today I’d like to announce that v1 of the IE Developer Toolbar is complete! Please download the toolbar and read release notes here .
What’s changed since Beta 3?
This release...
After downloading the Internet Explorer Cumulative Security Update for May 2007, some users have experienced an unexpected “Save File” security dialog upon launching Internet Explorer. This might occur when the “Temporary Internet Files” folder is moved to a custom location and Internet Explorer does not have appropriate access rights to the new folder location.
The Internet Explorer Team is currently investigating appropriate solutions for this user scenario. For your security, we strongly recommend...
Hi everyone,
In a few weeks I'll be at TechEd 2007 in Orlando, FL, with a few other members of the IE team. I'm giving a "chalk talk" on web development tools for IE, both MS and third-party, such as Visual Web Developer Express (VWD), Fiddler, and IEWatch. The session is on Thursday, June 7, from 2:45 PM - 4:00 PM in Blue Theater 14. It'll be 95% demo and Q&A so don't worry about sitting through 75 minutes of PowerPoint. :) And for those of you who can’t make it, I’ll post a write-up of the...
Many of you will be attending TechEd 2007 this year, so I wanted to summarize our presence at the Event.
As you know, TechEd is focused on current technology, so our sessions are focusing on unlocking the power of IE7. There are 6 breakout and 7 chalk talk sessions that you can visit to get in-depth information on Internet Explorer – and have the opportunity to interact with the members of the team. We’re also excited to have Molly Holzschlag doing a couple of sessions on Monday. If you have more...
I'm Will Mason, and I manage the developer documentation team for Internet Explorer. We write the documentation for HTML, DHTML, CSS, WebBrowser Control , etc. that you can find in the MSDN Library.
You might have noticed lately that the MSDN site has changed its domain name to MSDN2. Beginning last fall, the MSDN (Microsoft Developer Network) group has been using a new publishing tools and had to keep the content published with the old tools separate from the new. As you have probably figured...
2007/8
A while ago I talked about Internet Explorer sessions we were giving at Tech-Ed 2007 . And while it was a great pleasure for me to see many of you there, not everyone could make it to Tech-Ed. Working with TechNet’s IT Showtime, we’ve made my presentation Windows Internet Explorer 7 Security In-Depth available to watch online, as well as a selection of other Tech-Ed presentations .
A new feature of this year’s Virtual Tech-Ed was the FishBowl , which showcased 15 minute interviews with speakers...
One of the most important activities we do in the software industry is service our customers through software updates. Like any other binary software, ActiveX controls often need to be updated with bug fixes and new functionality. So what is the best way to get updates to our customers?
Steve, from our Silverlight team, and I were just chatting about good update practices for ActiveX controls, and we want to share them with you. Most of these practices are already in common use among ActiveX controls;...
The IE Cumulative Security Update for August 2007 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses 3 remote code execution vulnerabilities. This bulletin also includes killbits for some vulnerable third-party ActiveX controls. These have been set...
Just a quick blog post to let you know we’ve updated the IE6 (XP SP2) and the IE7 (XP SP2) VPC images that you can use with Virtual PC 2007 .
You can find the images at http://www.microsoft.com/downloads/details.aspx?FamilyId=21EABB90-958F-4B64-B5F1-73D0A413C8EF&displaylang=en . From here, you can download either the IE6 image or the IE7 image. Both images are pretty much identical to the ones we published back in April, they contain all of the updates through last week, and any included tools...
Hi everyone,
In June I posted information about a number of developer tools , one of which was Ajax View. Ajax View, developed by Microsoft Research , can help improve a developer's visibility into their web application’s performance and behavior. Recently, the researchers building Ajax View – Emre Kıcıman and Ben Livshits – released a public version of the tool (licensed for academic or other non-commercial use) so I want to share a link and provide a little more information about it.
What...
As a part of the August Cumulative Update for Internet Explorer , a small enhancement was made to Internet Explorer’s HTTP Cookie handling. This post describes that enhancement, and presents some other considerations for using cookies on your site. A knowledge base article referencing this change can be found here .
Background
In the past, IE’s cookie jar stored a maximum of 20 cookies per domain. If more than 20 cookies were sent by the server, older cookies were automatically dropped by the...
2007/12
Just as he was the first to talk about IE7 , Bill Gates kept the tradition alive and discussed IE8 at the Mix ‘n Mash event here on campus yesterday. Bill was talking to some bloggers about IE.Next and called it IE8, the same way we do here in the IE team hallway.
So, yes, the version after IE7 is IE8. We looked at a lot of options for the product name. Among the names we considered and ruled out:
IE 7+1 IE VIII IE 1000 (think binary) IE Eight! iIE IE for Web 2.0 (Service Pack 2) IE Desktop...
The IE Cumulative Security Update for December 2007 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses 5 remote code execution vulnerabilities. This bulletin also includes killbits for some vulnerable ActiveX controls. For detailed information on...
A couple of weeks ago, we announced that an optional preview for the Internet Explorer Automatic Component Activation was coming in early December, and I’m happy to say that it is now available. Read Knowledge Base article 945007 for full details, along with links to the specific downloads for each operating system.
If you don’t recall, in April 2006, we made a change to how Internet Explorer handled embedded controls used on some webpages. Some sites required users to “click to activate” before...
After downloading the Internet Explorer Cumulative Security Update for December 2007, some customers using IE6 on Windows XP Service Pack 2 have experienced an unexpected crash or hang upon launching Internet Explorer.
This might occur while navigating to a website hosting considerable media content (for example: http://msn.com ) resulting in Internet Explorer displaying a dialog that states “Internet Explorer has experienced a problem and needs to close”. If you experience this issue, implement...
As a team, we’ve spent the last year heads down working hard on IE8. Last week, we achieved an important milestone that should interest web developers. IE8 now renders the “ Acid2 Face ” correctly in IE8 standards mode.
If you’re not a web developer, the details of this blog post probably aren’t all that interesting for you. I’d like you to know that we’re building IE8 for many different customers (consumers, web service providers, independent software vendors, enterprises, web developers,...
2008/3
We’ve decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we’ve posted previously.
Why Change?
Microsoft recently published a set of Interoperability Principles . Thinking about IE8’s behavior with these principles in mind, interpreting web content in the most standards compliant way possible is a better thing to do.
We think that acting in accordance with principles is important, and IE8’s default is a...
MIX08 kicks off in Vegas tomorrow! We’ve got a few sessions lined up and the event opens this year with IE General Manager, Dean Hachamovitch, being among the keynote speakers.
For those unable to attend, you can follow along at home by keeping an eye on the MIX08 website . The keynote will be streamed live, and the rest of the content will be updated throughout the conference with videos from the sessions, photos, and more.
Check out the site and follow along!
Jefferson Fletcher Product...
This morning at the MIX conference in Las Vegas, the IE team made eight announcements about IE8. The most interesting for many people is that a developer beta is now available. Download it here .
The rest of our talks and demos focused on seven other areas that appeal to developers:
Our goal is to deliver complete, full CSS 2.1 support in the final IE8 product. IE8 Beta 1 for developers delivers better interoperability with other major browsers, addressing major pain points (e.g. floats...
It’s exciting when we have a new beta to release! The launch of IE8 developer beta is a huge milestone, and we have set up various mechanisms to collect feedback. Before I list out all of our feedback channels for IE8 betas, I want to explain what we learned from our experience with IE7 feedback.
We were thrilled but a little overwhelmed by the amount of input we got in IE7. Frankly, we couldn’t keep up and really do a good job handling the free-form bug entries. So we want to try something new...
Although we said that IE8 Beta 1 passes the ACID2 test , some of you may be seeing results like the image above; we thought we should explain what’s going on. IE8 passes the official ACID2 test hosted on http://www.webstandards.org/files/acid2/test.html . (Note, this seems to be a popular destination at the moment. You may have trouble reaching the site.)There are also a number of copies of this test around the net. One popular copy that I’ve seen of late is http://acid2.acidtests.org/
IE8 fails...
Some of the first things users may notice in the Beta 1 release of Internet Explorer 8 are new features such as Activities and WebSlice. We recognize that the technology behind Activities and Webslice relies on innovations that have come out of the community, which of course has had a critical role in the development of the Internet. We also appreciate the community’s deep commitment to permissive IP licensing and to ensuring the continued ability to innovate.
So with these new features and other...
If you’re like me, you’ve found that it’s pretty hard to keep track of all the new services and sites out there, let alone the ones we use every day. I bookmark my favorite sites and services, but still spend a lot of time trying to find them. A couple of months ago, a friend showed me a service that finds related videos. I ran across a blog that showed a funny video on chinchillas and wanted to see similar videos. I spent 5 minutes looking for the service in my Favorites. When I finally found it...
As Dean mentioned yesterday in his post announcing the availability of the Internet Explorer 8 Beta 1 for developers , better script performance is of particular interest to the developer community. In conjunction with Dean’s announcement, the JScript Team posted additional information around scripting improvements in IE8 Beta 1 over on their team blog . I encourage you to check it out and follow their blog to learn more about the cool things they are doing for IE8!
Kristen Kibble Program Manger
Since I joined the IE team at the beginning of 2007, it has become clear to me how important it is for web developers to predict how a given browser will work. I’ve certainly heard and read how very important it is to web developers to minimize the cost of supporting each additional browser version. In apparent contradiction to this, everyone needs continued innovation in the browser to create new online business opportunities.
One of the most important ways to ease development costs is to support...
During my talk at MIX 08, I covered more background and detail behind the new IE8 layout mode that provides greater standards support, particularly with regards to CSS 2.1, and version targeting . I’d like to follow-up that talk with a brief post on both points for those that were unable to attend in person.
Clearly there is a lot of momentum behind pushing the web forward (as evidenced, in part, by the lively dialog on this and other blog sites around the web). To this end, we’ve invested in...
Over the past year, I’ve written about different tools to help web developers become more productive when developing in Internet Explorer. These tools came from partners inside and outside Microsoft. One – the IE Developer Toolbar – came from the IE team in response to your requests for a free, lightweight tool to help debug your site in IE.
The IE8 Developer Tools are the next step in helping make developers more productive in Internet Explorer. In this post I’ll introduce you to what’s available...
Dean mentioned a bunch of things we are doing in Internet Explorer 8 Beta 1 for Developers . I want to point you to more details specifically about the developer focused changes to CSS, the DOM and the new version targeting.
Standards support (CSS/HTML)
IE8 improves rendering of content authored to various web standards in standards mode. As we have mentioned before, IE8 Beta 1 for Developers ships with standards mode as its default formatting engine. In order to maintain backwards compatibility...
For the Internet Explorer 8 Beta, we’ve added an Emulate IE7 button to the command bar. It will help you with everyday browsing and with quickly checking your site as you work on it.
Everyday Browsing
If you’re having trouble on a site that you’d like to browse, try the Emulate IE7 button. This causes IE8 to use the IE7 user agent string , version vector and layout modes . Also, we’re interested in webpage problems so report them using the IE8 Beta Feedback tools.
Developer configurations...
Hey everyone, Christopher here. It’s been a while since I’ve blogged anything here (over a year in fact). While my role in IE7 was focused on security community outreach , for IE8 I’m focused on increasing security, and delivering great end-user features. The first of which we gave some love to is the Address bar.
Domain Highlighting
At a glance, the most visible change with IE8 is Domain Highlighting. Internet Explorer 8 will automatically highlight what it considers to be the owning domain...
Hi, my name is Andy Zeigler, and I’m a Program Manager on the Internet Explorer Foundations team. I’d like to tell you about a new IE8 feature called Loosely-Coupled IE, or LCIE for short.
Essentially, LCIE is a collection of internal architecture changes to Internet Explorer that improve the reliability, performance, and scalability of the browser. It also paves the way for future improvements in other areas, including security and usability. To do this, we’ve
isolated the browser frame and...
Hi, my name is Helen, I am a Program Manager on the User Experience team of Internet Explorer, and I’m happy to introduce the IE8 Favorites bar!
New Functionality on the Favorites bar :
The Favorites bar, previously known as the Links toolbar, has been updated with great new functionality that helps you get information from your favorite websites quickly and easily. The new IE8 Favorites bar still has your favorite links just one click away, but also allows you to add WebSlices (new feature...
Hi,
My name is Jane Maliouta and I’m the program manager for IE8 Deployment and Management.
When you install Internet Explorer 8 Beta 1 there are a few important things to do before you start. First, I recommend you review the system requirements to make sure IE8 is supported on your computer. Second, take a look at the IE8 Release notes to find known issues and workarounds, so you’ll know what to expect during installation. Third, if the installation fails, we have a knowledge base article...
After a successful run with the IE7 beta, we’re bringing back our monthly online Expert Zone Chats with members of the IE team. The first is this Thursday, March 20 th at 10:00 PDT/17:00 UTC. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. In case you miss the chat, a transcript will be published afterward and available online.
As we saw with the IE7 beta, these chats are a lot of fun and we hope you can join us online.
Kristen...
Note: The feature control key and mode information in this post is now outdated. Please refer to the updated post on this topic: http://blogs.msdn.com/ie/archive/2009/03/10/more-ie8-extensibility-improvements.aspx
Many commonly used applications and Windows system components depend on the MSIE WebBrowser control to render webpages from within their program. Unlike live sites, pages loaded within these controls are typically static resources stored in libraries and executables on a system. While...
One of our goals with Internet Explorer 8 was to improve the experience of managing add-ons by bringing more types of add-ons into the management experience, and to make that experience more usable. Originally introduced in Windows XP Service Pack 2, we’ve updated the management UI in a big way for IE8.
Here’s a screen shot of the new UI:
A familiar interface…
When you look at the Manage Add-ons UI, you’ll probably feel comfortable with it quickly – it looks a lot like a Windows File...
Hi! I am Saloni Mira Rai, a program manager on the Layout team, and I’d like to walk you through the changes in Zoom for Internet Explorer 8.
Zoom lets you enlarge or reduce the view of a web page to improve readability. The feature is particularly useful on really large and really small displays, allowing for scaling of content while maintaining the intended layout of the page. The second iteration of the zoom feature (first shipped in Internet Explorer 7) focuses on improving the existing experience...
With Internet Explorer 8 Beta 1 for Developers now out in the wild, we have received a good deal of positive feedback regarding our plans for CSS. The feedback includes the need for the specifics around CSS support for IE8 Standards Mode for both the current Beta and what is projected for the final release. This information allows you, the developer community, to test your sites and give quality feedback for features that are actually implemented in the current beta release. These details are posted...
2008/4
As we worked towards the recent release of Internet Explorer 8 Beta 1, the IE team focused hard on performance. As part of our effort to improve IE, our investigations have revealed several add-on performance problems. In this post, I want to share some of the common themes that we have discovered.
First, I would like to thank those of you who have provided feedback on this blog, in the IE Beta NewsGroup , and around the web . The Internet Explorer team has been working hard on performance in...
The IE team is pleased to announce the availability of Chinese (Simplified) and German versions of Windows Internet Explorer Beta 1 for Developers. The two languages released today are fully localized versions of the IE8 English Beta 1 , released March 5, 2008. They carry with them the same improved CSS 2.1 support, better scripting performance, and other features and improvements that the English beta 1 developer release contains.
Download links:
IE8 Beta 1 Chinese (Simplified) for Developers...
Hi, I’m Eric Lawrence from the Internet Explorer Security Team. With the RSA security conference kicking off this week, I wanted to start sharing more information about the security features and benefits of Internet Explorer 8 Beta 1. Over the next several weeks, we’ll blog in greater detail about some of the security improvements in Beta 1, such as the new Safety Filter, greater control over ActiveX controls, and new AJAX features for safer mashups (XDomainRequest and XDM). This is not a complete...
The IE Cumulative Security Update for April 2008 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses 1 remote code execution vulnerabilities. This security update addresses this vulnerability by modifying the way Internet Explorer handles HTML and...
The IE Automatic Component Activation (IE ACA) update is now available as part of the April 2008 Internet Explorer Cumulative Update . The "click to activate" behavior, formerly required for ActiveX controls embedded in some webpages, is now permanently removed from Internet Explorer. For detailed information on IE ACA, see our blog post from last November announcing this update.
This update replaces the IE ACA previews released in December 2007 and February 2008.
Thanks,
Jefferson Fletcher...
With the release of IE8 Beta 1, I'm pleased to be able to talk about the first round of improved standards compliance and bug fixes in IE's HTML and DOM support for the new IE8 standards mode . Doug hinted at some of these improvements, and I wrote a little bit about them in the IE8 Beta 1 whitepapers here and here . In this post, I'd like to enumerate the 'change list' (of sorts) here on the blog in response to requests for such a list that I received at MIX08. Personally, I've been long-awaiting...
Join members of the Internet Explorer team for an Expert Zone chat this Thursday, April 17 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team.
If you can’t join us online, all chat transcripts are published here . Allow approximately 7-10 days following a chat for the transcript to go live.
Hope you can join us on Thursday!
Kristen Kibble Program Manager
If you’re a developer, there’s an easy way to give your eyes a rest and make yourself more productive. Use the Consolas font Microsoft developed specifically for you.
When we began work on a project to create a new set of fonts which would take maximum advantage of ClearType, we decided to develop a fixed-pitch font for developers - because no one ever thought of their needs, and we realized a highly-readable fixed-width font would make their lives a lot easier.
We call them the C* fonts because...
Have you ever seen this dialog while surfing the web in Internet Explorer?
You browse to your favorite news site. The content starts loading, you've already started reading the headline, and then it happens. Those of you familiar with the operation aborted dialog know that it spells sudden doom for the website you're currently viewing. Unsuspecting users have no idea what it means and simply click 'OK' and then watch in horror as the web page they were just reading disappears; only to be replaced...
2008/5
Hi.
My name is Jane Maliouta and I am the Deployment PM for IE8. You might remember my recent blog on Installing IE8 . Today I am here to tell you about Windows XP SP3 (XPSP3) and how it’ll work with the various released versions of Internet Explorer.
Windows XP SP3 contains some new updates, and a number of bug fixes and security improvements. You can learn more about XPSP3 features by reading the white paper located here . We expect XPSP3 will be publicly available shortly and want you to...
Hi, I’m Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited to be at the RSA security conference last month discussing the security features of Internet Explorer 8 Beta 1. In this, the second part of the IE8 Security blog series, I describe the ActiveX improvements in IE8 and summarize the existing ActiveX-related security features carried over from earlier browser versions.
Per-User (Non-Admin) ActiveX
Running IE8 in Windows Vista, a standard user...
Hi all,
Last week, I blogged about installing Windows XP SP3 and how it affects different versions of Internet Explorer (See my earlier blog post here ). Today I will be discussing installing branded/custom versions of IE7 on machines with Windows XP SP3 installed. This post is primarily aimed towards folks who use the Internet Explorer Administration Kit 7 (IEAK7) to create custom IE7 packages, like Internet Service Providers (ISPs) and web developers. If you ever installed the IEAK7, built a...
Join members of the Internet Explorer team for an Expert Zone chat this Thursday, May 15 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team.
If you can’t join us online, all chat transcripts are published here . Allow approximately 7-10 days following a chat for the transcript to go live.
Hope you can join us on Thursday!
Kristen Kibble Program Manager
Hello, I’m Sunava Dutta and I’m the Program Manager focused on improving our AJAX scenarios in IE8. In this short post I’ll introduce you to a feature we’re implementing in the browser that enables safer mashups. The Same Origin Policy (SOP) requires that browsers prevent script from accessing the contents of another domain to prevent cross site script attacks. Web sites today, like Facebook and Live among others, allow users to drag and drop third party ‘gadgets’ or applications to their page. As...
Related to the IE Blog post around mashups in Internet Explorer 8, the Jscript team has a great post on ECMAScript, Security and Mashups over on their blog. Check it out!
Kristen Kibble IE Program Manger
2008/6
In addition to the features for developers we showed in IE8 Beta 1 , we’ve been working on great new features for consumers and IT professionals (as well as doing even more cool stuff for developers). I’m happy to announce that we��re on track to deliver IE8 Beta 2 this August when you’ll get a chance to see what we’ve been up to in these areas. Furthermore, in order to help us get even more feedback for this global product, we’ll be releasing Beta 2 in over twenty languages within a month of the...
The IE Cumulative Security Update for June 2008 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses 1 remote code execution vulnerability and 1 information disclosure vulnerability. This security update addresses these vulnerabilities by modifying...
Bill Gates’ recent Tech Ed keynote and Tony Chor’s follow-up blog announced that IE8 Beta 2 will be available in August in many languages. We are encouraging sites to get ready for Beta 2 prior to release as it will present a big jump in IE8 browsing traffic.
What does “getting ready for IE8” mean for web sites? IE8 displays content in IE8 Standards mode – its most standards-compliant layout mode – by default. In previous blog posts, we’ve discussed how this aligns with our commitment to Web standards...
Yesterday at Tech Ed IT Pro 2008 in Orlando we announced some of the enhancements we’re making in Internet Explorer 8 to help IT Professionals deploy and manage IE8 within their organization. We wanted to share those with the IT Pros on our blog.
Over the last year we’ve surveyed over 2000 IT Professionals to understand their concerns and priorities for deploying and managing desktops and software within their organization. We learned that IT Pros have a lot of things to worry about - more than...
Join members of the Internet Explorer team for an Expert Zone chat next Thursday, June 19 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!
If you can’t join us online, all chat transcripts are published here . Allow approximately 7-10 days following a chat for the transcript to go live.
Hope you can join us on Thursday!
Kristen Kibble Program Manager
P...
As James and I mentioned in our blog post What’s coming in IE8 for IT Pros? , IE8 can now be slipstreamed into Vista and Window Server 2008 OS images. If you manage the desktop images for your organization, slipstream saves you time by simplifying the task of adding Internet Explorer 8 and any IE updates. If you’re adding Internet Explorer 7 to a Windows XP image you’ll typically install XP and then add IE7 before capturing the image -this can take 2 hours! With IE8 and Windows Vista, you are able...
As I mentioned in my post on Cross Document Messaging , client side cross domain request is an important area of interest for AJAX developers looking for ways to avoid expensive server side proxying calls. While Cross Document Messaging is useful for allowing third party components or gadgets embedded in a page to communicate/converse using script on both sides, other cross domain scenarios like web services require access to cross domain content using network requests from a client side web application...
Today we released the IE June Cumulative Security Update for Internet Explorer 8 Beta 1 for Developers on Windows Update . For detailed information on the contents of this update, please see the following documentation:
IE Blog Post: IE June Security Update Now Available
Microsoft Knowledge Base Article 950759
If you are using IE8 Beta 1 for Developers, we encourage you to download this security update through Windows Update or the Microsoft Download Center today.
Terry McCoy Program...
This blog post frames our approach in IE8 for delivering trustworthy browsing. The topic is complicated enough that some context and even history (before we go into any particular feature) is important, and so some readers may find this post a bit basic as it’s written for a wide audience. In previous posts here, we’ve written about IE8 for developers: the work in standards support, developer tools, script performance, and more. In future posts, we’ll write about IE8 for end-users (beyond the benefits...
2008/7
As someone whose email address is posted in thousands of forum posts, newsgroup discussions, and blogs, I get a lot of spam. Of the spam I receive, a significant number of messages represent phishing attacks . Most of these lures aren’t very clever or convincing, but phishing has become a simple numbers game—hosting phishing sites is cheap, and even if only a few users fall for any given phishing attack, attackers will profit by increasing the volume of phishing campaigns.
In Internet Explorer...
Hi, I'm David Ross, Security Software Engineer on the SWI team. I’m proud to be doing this guest post on the IE blog today to show off some of the collaborative work SWI is doing with the Internet Explorer team.
Today we are releasing some details on a new IE8 feature that makes reflected / “Type-1” Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit from within Internet Explorer 8. Type-1 XSS flaws represent a growing portion of overall reported vulnerabilities and are increasingly...
Hi! I’m Eric Lawrence, Security Program Manager for Internet Explorer. Last Tuesday, Dean wrote about our principles for delivering a trustworthy browser ; today, I’m excited to share with you details on the significant investments we’ve made in Security for Internet Explorer 8. As you might guess from the length of this post, we’ve done a lot of security work for this release. As an end-user, simply upgrade to IE8 to benefit from these security improvements. As a domain administrator, you can use...
Hi, I’m Sharath Udupa, developer on the IE team focusing on AJAX features for IE8. One of the AJAX improvements we adopted in IE8 from HTML5 is AJAX page navigations. In IE8 mode, we provide support for script to update the travel log components (for e.g. back/forward buttons, address bar) to reflect client-side updates to documents. This allows a better user experience where users can navigate back and forth without messing the AJAX application state.
For more information regarding the feature...
Join members of the Internet Explorer team for an Expert Zone chat next Thursday, July 17 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!
If you can’t join us online, all chat transcripts are published here . Allow approximately 7-10 days following a chat for the transcript to go live.
Hope you can join us on Thursday!
Kristen Kibble Program Manager
P...
Hi! It’s Bill Hill here again, still fighting the good fight to make typography on the Web as good as we’re used to seeing in print. We made significant progress this week, when one of the USA’s most prestigious font companies announced its support for the Embedded OpenType format for font embedding on the Web, and launched a new website to promote other browsers to support it in addition to Internet Explorer (which has had EOT support built-in since 1996).
At the same time, Ascender Corporation...
Developing technologies that work reliably on their own and as part of the computing ecosystem is core to our mission and is an important part of our commitment to Trustworthy Computing. Our customers and partners expect technologies and services they can depend on anytime, anywhere, and on any device. We focus on constant improvements to the dependability of our technologies and services.
For Internet Explorer, reliability means that the browser should always start quickly, perform well, connect...
As previously mentioned in the IE8 Beta Feedback post back in March, we have several ways to submit feedback on the IE8 Beta. Currently the only way to directly file a bug with the IE Team is to be a part of the IE8 Technical Beta program on Microsoft Connect . Beta 2 is right around the corner and we are expanding our reach! If you wish to be a part of making IE better by contributing great bug reports then please email us at IESO@microsoft.com and tell us a little about yourself including why you...
2008/8
The IE Cumulative Security Update for August 2008 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses six remote code execution vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles...
Earlier today, Jon DeVaan and Steven Sinofsky kicked off the Engineering Windows 7 blog ; we hope to have a discussion with the community about how we are building the next version of Windows, much like we have with the IE Blog and IE development. Be sure to check it out for yourself!
Tony Chor IE Group Program Manager
It’s been just over five months since the MIX08 conference and IE8 Beta 1. One of the things I remain committed to is the furthering of web standards through a comprehensive test suite for each standard. This is necessary to eliminate ambiguities or differences that cause implementation differences between user agents (aka browsers). Those differences create frustration for web developers who are just trying to build web sites that interoperate.
The IE team has been actively working on Internet...
Previous posts have covered trustworthy principles in general and some product specifics as well. Privacy is an important part of trustworthy computing. This post discusses one aspect of privacy on the web: third-party content.
When most people browse the web, they think what they see in the address bar and the site they are visiting are the same thing. However, web sites today typically incorporate content from many different web sites. For the sake of clear terminology, the site the user browses...
As others have written here before, users should be in control of their information. That’s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it’s used. Choice means putting users in control of their data and giving them tools to protect it.
Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know...
Hi! I’m Christian Stockwell, and I’m helping to improve Internet Explorer performance.
In the past few months, each of the browser makers has made very similar claims around their performance: “Superior speed and performance”, “The fastest and most powerful Web browser available”, and “The fastest web browser on any platform.” In some fundamental way, I think the likeness of these statements is a by-product of the complexity inherent in performance measurement and analysis.
Rather than join...
I am here to tell you how to upgrade to IE8 Beta 2. IE8 Beta 2 system requirements are the same as IE8 Beta 1 and it’s currently available in English, Chinese Simplified, German and Japanese. Stay tuned for more localized IE8 Beta 2 versions to be available shortly.
Windows XP or Windows Server 2003
Getting Ready
Before you start IE8 Beta 2 installation, there are a couple of things to keep in mind:
Uninstalling IE8 Beta 1
If you have Internet Explorer 8 Beta 1 installed, the...
At the start of the Internet Explorer 8 project we made a commitment to great website compatibility. It’s worth noting that this commitment hasn’t changed, even given the short-term impact of our announcement to better align with Microsoft’s interoperability principles. In other words, compatibility has been and continues to be a very important part of the Internet Explorer 8 feature set.
With Beta 2 we’re announcing a brand new feature known as Compatibility View. In a nutshell, Compatibility...
We’re excited to release IE8 Beta 2 today for public download. You can find it at http://www.microsoft.com/ie8 . Please try it out!
You’ll find versions for 32- and 64-bit editions of Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008. In addition to English, IE8 Beta 2 is available in Japanese, Chinese (Simplified), and German. Additional languages will be available soon.
While Beta 1 was for developers, we think that anyone who browses or works on the web will enjoy IE8...
Hi, my name is Paul Cutsinger and I’m the Lead Program Manager for the IE8 User Experience.
As Dean mentioned in his beta 2 announcement post, for IE8 we focused on improving people’s everyday browsing experience – what they do all the time. We looked closely at what people do and how they do it to design ways to make their browsing even better. For all of the top usage patterns, we looked for ways to reduce steps, introduce new capabilities, and improve on how people actually browse.
In this...
As Paul mentioned in Part 1 of this post, we’ve really focused on making your everyday browsing experience better. In addition to the useful changes he talked about, we’ve made IE8 even more useful with integrated services so that you can easily accomplish the common things you do on the web – search for a product, check the weather, map an address, and more)
In Beta 1, we showed how IE8 could be better with services with features like Accelerators and Web Slices (BTW, Accelerators are the same...
Hey there, just a short post to let you know that new VPC images are ready for download. You can access them from the tools section on the Internet Explorer Developer Center , too. Thank you for your patience!
Kristen Kibble Program Manager
Back in June, Dean Hachamovitch kicked off a series of blog posts explaining how the IE team approached the task of building a trustworthy browser. Trustworthiness is the foundation of Internet Explorer 8, and we’ve worked hard to deliver a product with improved security, reliability and privacy, while supporting these new features with responsible business practices that respect users’ choices.
Throughout a lengthy set of blog posts this summer, my colleagues and I have detailed the investments...
2008/9
Now that Beta 2 has released, I want to provide a short update on some of the smaller security changes the team has recently made. I’ve also linked to a great article on the IE8 XSS Filter implementation written by the architect of that feature.
Restricting document.domain
The document.domain property initially returns the fully qualified domain name of the server from which a page is served. The property can be assigned to a domain suffix to allow sharing of pages across frames from different...
In March I wrote about the Developer Tools in Internet Explorer 8 Beta 1 and outlined three key benefits:
Integrated and simple-to-use
Provide a visual interface to the platform
Enable fast experimentation
Internet Explorer 8 Beta 2 brings the Developer Tools closer to realizing the full potential of these benefits with significant improvements to existing features and new functionality meant to make you more productive.
Profiling and Debugging JScript
Beta 1 introduced a JScript...
Join members of the Internet Explorer team for an Expert Zone chat next Thursday, September 11 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!
If you can’t join us online, all chat transcripts are published here .
Hope you can join us on Thursday for our first chat sine IE8 Beta 2 released!
Kristen Kibble Program Manager
P.S. Upcoming IE chat dates are...
We’ve been sharing plenty about the work we’ve done in Internet Explorer 8 Beta 2 for browser users; we also want to share some of the notable advances we’ve made in the web developer platform in Beta 2. This post serves as an overview of the web platform changes since beta 1 that will be covered in more detail in the coming days and weeks.
The Layout Engine
First and foremost, we’ve been hard at work improving our standards support – we are now “CSS2.1 property complete,” meaning we’ve implemented...
As you may know, all browsers have a set of CSS features that are either considered a vendor extension (e.g. - ms-interpolation-mode ), are partial implementations of properties that are fully defined in the CSS specifications, or are implementation of properties that exist in the CSS specifications, but aren’t completely defined. According to the CSS 2.1 Specification, any of the properties that fall under the categories listed previously must have a vendor specific prefix, such as '-ms-' for Microsoft...
One of the key themes for IE8 is developer productivity. IE8 Beta 1 improved developer productivity through an optimized core scripting engine and script debugger. In this release, we continued to invest in the areas that bring more power and productivity to the web developer community. Here is a quick summary of the work that we’ve done for IE8 Beta 2:
Scripting Engine
Many enhancements have been done to the scripting engine. One feature that will bring a lot of value to the AJAX developers...
For Beta 1, we discussed some of the technical improvements (like domain highlighting, multi-line paste, and improved click behavior) we made to IE8’s address bar. For Beta 2, we took the covers off of even bigger changes which fit in with our goal of making navigation easier and faster with IE8.
Starting with Beta 2, when you type in the Address Bar, IE8 returns results not just based on the URL of the sites you’ve visited, but the title and other properties as well. It has an updated look that...
As you may have guessed from the title of this post, Internet Explorer 8, as of Beta 2, offers native JSON parsing and serialization. This new native JSON functionality enables Internet Explorer 8 aware AJAX applications to run both faster and safer!
What’s JSON?
For those of you that are not die hard AJAX developers, allow me to provide a bit of background. JSON is a simple human readable data interchange format often used by AJAX applications when transmitting data between the server and...
Hello everyone!
One of the features we improved in IE8 is the ‘new tab’ page, which is the page you see by default when you click the New Tab button on the Tab row, or if you hit CTRL+T (the keyboard shortcut that does the same thing). We’re the Program Managers for this page and would like to walk you through the history and evolution of this feature to what it is today in IE8 Beta 2.
When IE7 was released in 2006, many users did not know what tabs were, so our new tab page didn’t really do...
As mentioned in the first post on this topic , the IE8 Smart Address Bar works better with Windows Search installed. However, IE8 does not require Windows Search, and IE8 will still provide a superior experience to IE7 if it’s not there. We are going to go through and detail the differences between IE8 with and without Windows Search so people can understand the trade-offs.
To start with, we made a choice to use Windows Search as our index & query engine when we began work on IE8 almost two...
Hello! I am Sameer Chabungbam, one of the Program Managers on the JScript Team.
The recently released Beta 2 of Internet Explorer 8 contains a lot of improvements which are aimed at making developing web applications on Internet Explorer 8 easier and more productive. One of these improvements is the JScript Profiler in Developer Tools, which provides critical JScript related performance data to a web developer that helps identify and fix performance related issues. We believe the Profiler is going...
In an earlier post , we introduced the new IE8 Smart Address Bar dropdown functionality. Now we thought we’d spend some time discussing some of its less obvious features in more detail.
More about the IE8 Smart Address Bar Autocomplete Suggestion
With Windows Search installed, IE8 makes an attempt to determine what site you’re trying to get to. The site that it determines is most likely the one you’re looking for is called the “Autcomplete Suggestion.” This entry is given the SHIFT+ENTER shortcut...
Hello World! I’m Sharon Cohen, Program Manager for Search in Internet Explorer 8.
If you’re already using IE8 Beta 2, you’ve probably already seen the new search features available in IE8, perhaps you’ve even tried them out. Today I’d like to show you these features in greater detail and fill you in on some of the things we were thinking about when we created them.
Our goal for IE8 is to make searching for what you need faster and easier. We want you to search for the right term on the right...
In August 2008, Dean announced the release of IE8 Beta 2 in English, Japanese, Chinese (Simplified), and German. Today the IE team is pleased to announce the availability of Internet Explorer Beta 2 in 21 additional languages. The languages released today are fully localized versions of the IE8 English Beta 2.
The Complete List of IE8 Beta 2 Languages
Arabic
Chinese (Hong Kong)
Chinese (Simplified)
Chinese (Traditional)
Czech
Danish
Dutch
English
Finnish...
Hello,
My name is Sébastien Zimmermann. I’m the developer owner for the Visual Search Feature , which Sharon already described in detail. I also own the Accelerators Button Feature , and during IE7 worked on Setup and Phishing Filter—now “ SmartScreen® Filter ”.
In this post, I would like to get you started on creating your own Visual Search service/provider for Internet Explorer 8. If you own or develop websites of any kind—even if it’s a small website or an intranet site—this post is for...
Hi, my name is Jatinder Mann and I work on the Internet Explorer Administration Kit (IEAK) and Group Policy. Back in June , James Pratt and Jane Maliouta alluded to IEAK improvements for IE8. Today, I will be talking about the work we have done in this area.
Internet Explorer Administration Kit 8 Beta
IEAK8 Beta is now available publically for everyone to try. To give you some background, the IEAK allows you to deploy customized packages and manage IE settings post deployment within corporations...
The latest Application Compatibility Toolkit (ACT) release, ACT 5.0.5428.1080 is publicly available and can be downloaded here .
To give you some background, ACT helps customers understand their application compatibility situation by helping identify which applications are compatible with Vista, IE7, and IE8 and which require further testing. ACT allows compatibility data to be uploaded from individual machines to a central location for analysis, grouping and reporting. Once an issue has been...
Greetings, I’m Russ McRee of Microsoft’s Online Services Security & Compliance Incident Management team. My team serves as incident handlers for the various types of attacks our online services face. High on the list of incidents we handle are cross-site scripting attacks.
There’s an unfortunate misconception surrounding cross-site scripting (XSS) attacks that result in them being perceived as less impactful than other types of attacks, and often more theoretical than practical. I believe...
Hi, my name is Helen Drislane, I am a program manager on the IE team responsible for some of the user interface including tabs and I‘m going to discuss the new Tab Grouping feature (tab color!) with you. We had a lot of fun putting this feature together, so I am going to explain a little bit about the process involved in designing it and then describe the things you can do with it.
EVOLUTION OF THE DESIGN AND ALGORITHM
After shipping Internet Explorer 7, the IE team collected data from user...
2008/10
Hi. In previous posts I talked about the IE8 IEAK and new event logging for IE8 in the Application Compatibility Toolkit . Today, I’m going to discuss the improvements we made to Group Policy support for Internet Explorer 8.
Background
For those of you who might be new to Group Policy, here is a quick background. Let’s first assume you use an Active Directory environment to administer the computers in your corporate network. If that is the case, Group Policy provides a wide set of policy...
Sunava Dutta here, a program manager focused on improving AJAX in the browser! Now that Internet Explorer 8 Beta 2 is out, I want to write about some of the latest rounds of enhancements we’ve made. As many of you may recall, back in March we discussed a set of developer experiences in AJAX across scenarios such as client-side cross-domain data access, local storage, and navigation state management among many others. The good news is our team has been working since Beta 1 to tweak and update our...
Join members of the Internet Explorer team for an Expert Zone chat next Thursday, October 16 th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!
If you can’t join us online, all chat transcripts are published here .
We want to hear your feedback on IE8 Beta 2!
Kristen Kibble Program Manager
P.S. Upcoming IE chat dates are posted here .
The IE Cumulative Security Update for October 2008 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses six vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting...
Design criteria such as standard compliance, performance, reliability and security framed the design of IE8 as whole, for new as well as existing features. As a result, CSS expressions are no longer supported in IE8 standards mode. This change was announced previously on the IE blog , however, this post will provide a few more details about that decision. The following FAQ will give a quick overview of the feature, the rationale behind our design decision and what it may mean for your own site. ...
When Internet Explorer 8 Beta 1 launched in March, I wrote a post describing the permissive intellectual property licensing approaches we took for components of that release, such as Creative Commons licenses for copyrights in selected specs and the Microsoft Open Specification Promise (“OSP”) for implementations of those specs.
Now with the launch of Beta 2, I’m happy to highlight a few ways we’re continuing to make our innovations available to the community. By doing so, we hope to continue...
In preparation for the Professional Developers Conference , the IE team recently authored some articles for a special issue of Code Focus magazine . The articles cover everything from cross-version compatibility to performance, and include new sample code.
You can read the articles online at the following locations:
Welcome to CoDe Focus for Internet Explorer 8!
What’s New in Internet Explorer 8 Beta 2?
Making Your Web site Compatible Across Multiple Versions of Internet Explorer ...
2008/12
A few of the startups building browser Add-Ons have organized the first ever Add-On Con , to take place in Mountain View on Dec 11, 2008. We thought it was such a cool idea that we decided to co-sponsor the event (Mozilla is the other sponsor). We will be giving some sessions about extending Internet Explorer, and Mozilla and Google will be presenting about their respective web browsers. Many companies with successful Add-Ons will be sharing their stories and experiences, so it’s a great education...
The next public update of IE8 (for Windows Vista- and Windows XP-based operating systems as well as the Windows 7 Beta) includes improvements to Compatibility View that help end-users when they visit web sites that are not yet ready for IE8’s new, more standards-compliant defaults. This blog post describes the technical background and how this new functionality works.
A Brief History of Standards, Interoperability, Compatibility, and IE8
As we improve the interoperability of Internet Explorer...
The IE Cumulative Security Update for December 2008 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses four remote code execution vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer validates...
Hi, my name is JP Gonzalez-Castellan and I’m the Accessibility Program Manager for IE8. The IE team has been working towards making IE8 the most accessible browser possible, and we wanted to detail some of the work we’ve done toward this end. In this post I will provide you with some background on Accessibility, I’ll cover new UI features (Caret Browsing, Find on Page, Adaptive Zoom , High DPI , etc) and also platform features (support for ARIA , support for IAccessibleEx , and support for additional...
As publishing and layout standards for web documents, HTML 4.01 and CSS 2.1 define relatively few user experience requirements for browsers. One of them, however, mandates the ability for end users to switch among a set of mutually exclusive document styles defined by the author. This feature is known as alternate style sheets. Significantly, the end user must also be able to turn off all styling.
Unfortunately, Internet Explorer did not expose this feature in the user interface until IE8 Beta...
Internet Explorer is releasing an out-of-band update available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses one remote code execution vulnerability. The security update addresses the vulnerability by modifying the way Internet Explorer validates data binding...
After a great turnout this year, we are continuing our monthly online Expert Zone chats with the IE Team in 2009. Here is our schedule for the first half of next year:
January 22 nd
February 19 th
March 19 th
April 23 rd
May 21 st
June 18 th
All our chats start at 10.00 PST/18.00 UTC. These chats are a great opportunity to have your questions answered and hear from members of the IE product team. In case you miss the chat, a transcript will be published afterward and available...
Cheers! The IE Team
2009/1
We believe IE8 helps make browsing the web faster, easier, safer and more reliable. To help our users be more secure and up-to-date, we will distribute IE8 via Automatic Update (AU) and the Windows Update (WU) and Microsoft Update (MU) sites much like we did for IE7. We know that in a corporate environment, the IT organization will often want to delay the introduction of a new browser until they have tested compatibility with internal applications and sites. We’ve done a lot of work in IE8 to maintain...
As announced in February 2008 , Internet Explorer 8 sends an updated user-agent string when interacting with web servers. Since we last blogged about the User-Agent string, the Internet Explorer team introduced Compatibility View and today, the Windows team is releasing the Windows 7 Beta . Each of these events has a small impact on the User-Agent string, as I will outline in this post.
The Trident/4.0 User-Agent String
In order to help users visit sites that block the “MSIE 8.0” user-agent...
The Windows 7 Beta includes a beta of Internet Explorer 8. I say “a beta” because IE8 in Windows 7 Beta is a pre-release candidate build of IE: it’s IE8 Beta 2 plus end user features that are only available on Windows 7 plus many fixes based on feedback we’ve gotten from IE8 Beta 2 usage. This post is an overview of what you’ll find new in Windows 7’s Internet Explorer, as well as some suggestions about how to get the best experience with this pre-release software.
Tabs in the Taskbar
Tabs...
As a Program Manager, I love to write feature specifications (that’s a job description requirement)! In each spec, PMs carefully weigh the pros and cons of certain design tradeoffs , consider the customer requests, available feedback and telemetry data , etc. Based on all of that information, we make certain informed assumptions about what we would like to build and how. Despite our best planning efforts, we know that some of the assumptions made in early specs may change at any time through development...
Back in October , Sunava described changes that we made to the XDomainRequest (XDR) object in IE8 between the Beta 1 and Beta 2 releases. This object allows your AJAX web pages to request data from sites with a different hostname from the page itself, something that IE doesn’t allow for security reasons via XMLHttpRequest . Since Beta 1 we’ve been working with the W3C Web Application group on the Access Control framework and the changes we made in Beta 2 were to adopt the Simple Cross-Site Access...
Hi, my name is Tony Ross and I’m one of the Program Managers for Internet Explorer. As JP mentioned in an earlier post , the IE Team has been working to make IE8 the most accessible web browser possible. We have also been working on improving interoperability and making things easier for web developers. Following these goals, I want to introduce you to a change we’ve made in the RC aimed at improving our support for ARIA , a syntax for making dynamic web content accessible. I’ll walk you through...
Join members of the Internet Explorer team for the first Expert Zone chat of 2009 this Thursday, January 22 nd at 10.00 PST/18.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended our previous chats!
Other upcoming Expert Zone chat dates can be found here . If you can’t join us live, the transcript for all chats are available here .
Sharon Cohen Program Manager
…notice this yesterday while running the Windows 7 Beta:
If you open the newly redesigned whitehouse.gov in Internet Explorer 8 on Windows 7 Beta, you’ll notice that the dropdown menus don’t hide correctly when you hover over other menu items.
This is because the version of IE8 in Windows 7 Beta is somewhat older than the Internet Explorer 8 Release Candidate (IE8 RC1) that we're about to release for Windows Vista and Windows XP. Internet Explorer 8 RC1 displays whitehouse.gov correctly...
I’m Christian Stockwell, a Program Manager on the IE team focused on browser performance.
Measuring the overall performance of websites and web browsers is important for users comparing the performance characteristics of competitive browsers, developers optimizing their websites for download times and responsiveness, browser vendors monitoring the performance implications of code changes, and everyone else who is generally interested in understanding website performance.
I thought it would...
Hello all,
Just like for previous beta releases, I am going to guide you through the upgrade steps for Internet Explorer 8 Release Candidate 1 (IE8 RC1).
Before we begin, let me summarize the major changes you will see when installing IE8 RC1:
If you are a Windows Vista or Windows Server 2008 user and you are upgrading from IE8 Beta 1 or Beta 2 to IE8 RC1, you are no longer required to manually uninstall earlier IE8 builds. Instead, IE8 RC1 installer will automatically upgrade your machine...
We're excited to make the IE8 Release Candidate available today for public download today in 25 languages for Windows Vista, Windows XP, and Windows Server customers. You can find it at http://www.microsoft.com/ie8 . Please download it now and try it out . We welcome your feedback !
What’s New
The team will post more about all changes between Beta 2 and RC. In brief:
Platform Complete . The technical community should expect the final IE8 release to behave as the Release Candidate does...
The Internet Explorer 8 Release Candidate is the last major IE8 testing milestone. It indicates that we believe that IE8 is implementation complete for CSS 2.1 . We also believe IE8 RC1 has the most complete implementation of the CSS 2.1 specification in the industry.
The only way to know if a browser has correctly implemented a specification is to develop a comprehensive set of tests for the specification. These can be used to determine both the support for a specific part of the spec and the...
As we planned Internet Explorer 8, our security teams analyzed the common attacks in the wild and the trends that suggest where attackers will be focusing their attention next. Over the course of IE8’s development, we’ve also worked closely with those in the security research community to stay on top of new classes of threats. One of the most subtle and interesting web application security vulnerabilities is called Cross Site Request Forgery (CSRF); security researcher Jeremiah Grossman calls CSRF...
Since the release of Internet Explorer 8 beta 2, we’ve listened, watched and learned a lot about how people use the new features and our focus has been to refine them for RC1 (the Release Candidate).
This post will give you an overview of the end user changes we’ve made which we’ll discuss in detail over the coming weeks.
In IE8 we made a big push to make sure you can easily get to the sites and use the services you care about. If you’re anything like us, you visit a lot of websites and use...
This is one of my favorite times in the product cycle. IE8 is platform complete and as we get closer to releasing the final product, more and more web developers and designers will take advantage of the browser’s features to enable scenarios we haven’t even imagined!
Since the release of IE8 Beta 2 we’ve listened to feedback from many channels including IE8 Beta Feedback , standards working groups and this blog. We’ve made thousands of platform improvements in response to both feedback, and from...
2009/2
Hi, my name is Kymberlee Price, and I recently joined the Internet Explorer team as a Security Program Manager for IE8, working with Eric Lawrence. Prior to this I spent five years in Microsoft's Security Engineering & Communications team (MSEC) where I founded the Security Researcher Community Outreach team in 2003 and drove the first three BlueHat events. I joined IE at the perfect time to watch a new security feature be created, and thought customers and security researchers might be interested...
One of the things that I learned from working on IE is that there are common patterns of how users browse the web, yet what they browse varies person to person. We designed Visual Search Suggestions, Accelerators, and Web Slices to simplify common patterns with the flexibility for you to customize these features with services that you enjoy. I want to explain how IE8 treats services and share how I personalize IE8 with my favorite services in less than 5 minutes.
Out-of-box services
We want...
The IE8 feature Suggested Sites helps you discover related sites that can be helpful to get more information about your interests. Under the hood, Suggested Sites is a system that provides suggestions by using a collection of users’ visited sites. You may be wondering how Suggested Sites works with the investments we’ve made in privacy . Respecting user privacy and giving the user control over the data provided has been part of the design philosophy of Suggested Sites since the beginning. This blog...
A few weeks back, we announced Compatibility View improvements available in the Release Candidate build of IE8. As you’ll remember from my previous post, users can choose to receive a list of major sites that are best viewed in Compatibility View . When navigating to a site on the list, IE8 will automatically display the site in Compatibility View without requiring the user to press the Compatibility View button. There’s been a lot of really good discussion around this and a few common questions...
Hello, I'm Alex Glover and I'm the test owner of the SmartScreen Filter in Internet Explorer 8. The SmartScreen Filter helps protect IE8 users against phishing scams and sites distributing malware . In a previous post , Eric described the SmartScreen features and improvements over the Phishing Filter in IE7, such as anti-malware support, new user interface, and better performance. Today I'm going to talk about how SmartScreen works with other features to combat malware, and describe the changes we...
The IE Cumulative Security Update for February 2009 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses two privately reported vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the...
We’ve previously blogged about Compatibility View ; this post is a follow-up on compatibility and Internet Explorer 8 RC1.
As you are browsing the web with Internet Explorer 8 RC1, you might come across some web sites where everything is not displayed correctly:
These issues can be fixed by clicking on the Compatibility View button on the address bar:
This button draws the page the same way that Internet Explorer 7 would - allowing content designed for older web browsers to still work...
As we've now entered the last major phase of our product cycle, we’d like to thank everyone for their dedication to making Internet Explorer 8 a better product. As mentioned in IE8 Beta Feedback our Technical Beta Program provides a way for an invited set of beta testers around the world to test and file bugs against IE8. Since the release of beta 1, the technical beta community has continuously provided excellent feedback and we have fixed a significant amount of bugs because of it. By rating your...
Join members of the Internet Explorer team for an Expert Zone chat this Thursday, February 19 th at 10.00 PST/18.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended our previous chats!
If you can’t join us live, the transcript for all chats are available here . Other upcoming Expert Zone chat dates can be found here .
Sharon Cohen Program Manager
We’ve said a lot about our approach to website compatibility in general and the Compatibility View feature in particular. But because we've shared this information across multiple blogs and sources, I’d like to quickly recap what we’ve previously announced in summary form and provide links to additional content / reading as necessary.
IE8 Standards by Default
Going into IE8 Beta 1, the Internet Explorer team demonstrated its commitment to interoperability and web standards by announcing that...
Sincere apologies for the trouble we had this morning with the IE chat. A problem in the tool prevented us from initiating the chat. We plan to reschedule and will let you know the new date as soon as possible. As always, previous transcripts are available here .
Sharon Cohen Program Manager
Opacity. Gradients. Drop shadows.
Long before CSS proposals for Transitions and Transforms , Internet Explorer 4 supported visual special effects through CSS. This capability was further extended by Internet Explorer 5.5. As an example, the following rule could be used to apply opacity to an object: filter:progid:DXImageTransform.Microsoft.Alpha(opacity=50);
Partly as a consequence of its early design, the syntax for filter properties violates the CSS 2.1 grammar: it includes a ‘:’ character...
The February Expert Zone Chat has been rescheduled for Tuesday, February 24 th at 10:00AM PST/18:00 UTC. If you can’t join us live, the transcript for all chats are available here .
See you Tuesday.
Thanks everyone!
-Allison
We wanted to let you know that an update was released earlier today that will improve Internet Explorer’s reliability for users running the Windows 7 Beta. The update is now available via Windows Update , and can also be downloaded via Microsoft Update .
In this post we’ll discuss how we used the information that we’re receiving from Windows 7 Beta customers to determine the reliability fixes to include in this update.
We use the term “reliability” to broadly encompass all types of stability...
Myself as well as some other people from the team recently sat down with Charles Torre from Channel 9 to talk about IE8. We thought you might enjoy these:
Accelerators with Jon Seitel
Developer Tools with John Hrvatin
Search with Sharon Cohen
Web Slices with Jane Kim
You can check out all the IE8 related videos on Channel 9 here . There are also some interesting IE8 “How Do I” videos on MSDN.
Thanks! Sharon Cohen Program Manager
2009/3
Internet Explorer 8 has a new feature that keeps you in control of your search engine default, by informing you when software attempts to change your settings.
If you are using Internet Explorer 8 Beta 2 or RC1, you might have seen the following dialog when installing new software:
The default search preference is the search engine Internet Explorer uses when you type a search query into the search box in the top-right corner of the main Internet Explorer window:
(Wikipedia is set...
Web Slices are a cool new feature in Internet Explorer 8! With Web Slices, users can add little snippets of the web to the favorites bar and monitor their updates. Web Slices were introduced in a previous post here . In this post, I want to walk you through creating a dynamic Web Slice in as little as 5 minutes!
What is a dynamic Web Slice?
Dynamic Web Slices use an Alternative Display Source (not to be confused with Alternative Update Source ). As the name suggests, the content displayed in...
Mix09 is just around the corner, approaching quickly. I’m really excited to get back to Vegas and back to the conference. The Internet Explorer sessions are now live on the MIX website ( http://2009.visitmix.com ) and there’s lots of great content there. If you aren’t already registered, there is still time. It’s a great opportunity to find out what’s going on with Internet Explorer. Many people from the engineering team will be at the conference both giving talks and helping out at the IE compatibility...
Internet Explorer 8 now allows users to more easily manage their toolbars and add-ons. Feedback from Internet Explorer 7 users clearly indicated that there is a need for easier management of toolbar and add-ons.
Our IE7 user feedback showed that less experienced users had problems with hiding toolbars to free up browser screen real estate, or to get rid of a toolbar that they no longer wanted. More experienced users understood that any toolbar and add-on that runs in a browser will have an impact...
We’ve made a few improvements to our extensibility model in IE8 RC1 based on feedback we’ve received both internally and externally.
WebBrowser (WebOC) Rendering Mode Changes
About a year ago, I posted an entry talking about WebBrowser Control Rendering Modes in IE8 . You may recall that applications using the WebBrowser Control (also known as the WebOC, or Trident hosts) can use a Feature Control Key to select the default rendering mode of webpages they load.
Since our release of IE8 Beta...
Hello, my name is Amy Adams and I’m a Lead Software Design Engineer in Test on Internet Explorer’s Web Service Integration team. I wanted to take this opportunity to talk about the different mechanisms for providing a great and secure experience for Web Slices and feeds. We first described Web Slices when we launched them in IE8 beta 1, and also talked about the improvements we made to Web Slices and RSS in IE8 beta 2 as well as the post Ritika recently made about Dynamic Web Slices .
Now available...
Reports of broken sites are an important part of the feedback the IE team receives from the community. When we receive a report of a broken site, we take it and identify the core issue causing the problem. A number of these issues end up being side effects of changes we deliberately made in IE8, but even these are useful. They help us identify which IE8 changes have the broadest compatibility impact. In this post I'll share some of these issues with you so you can quickly identify problems affecting...
The March IE Chat will be rescheduled for March 25 th at 10:00AM PST/18:00 UTC. A significant number of the IE PM team will be attending the Mix09 conference in Las Vegas on March 18-20 th and didn’t want to miss out on chat. We apologize for any inconvenience.
See you next Wednesday!
Thanks! Allison Burnett Program Manager
While the team continues getting ready for Mix09 coming up this week, we wanted to let you know about another unique opportunity coming up next week. On Thursday, March 26 th , the IE team will host the Internet Explorer 8 FireStarter event. This is a one-day conference with IE8 talks from myself and other team members. If you are local to Redmond, we invite you to attend the event in person . Other options to attend are via Live Meeting or at a live streaming session hosted by your local user group...
Thinking back, I think we can all remember a time sitting in our high school computer labs, clamoring away on the keyboard trying to finish some assignment our Computer Studies teacher, Mr. Smith for the example I’m going to use in this post, had assigned. Something that I always found amazing was how the high school IT Administrators, usually also Mr. Smith, would be able to manage such an environment on a relatively tiny budget.
Today’s large corporations can afford fairly specialized IT Pro...
Today we’re excited to release the final build of Internet Explorer 8 in 25 languages. IE8 makes what real people do on the web every day faster, easier, and safer. Anyone running Windows Vista, Windows XP, and Windows Server can get 32- and 64-bit versions now from http://www.microsoft.com/ie8 . (Windows 7 users will receive an updated IE8 as part of the next Windows 7 milestone.)
We’ve blogged a lot here about what’s in IE8. Stepping back from individual features, Internet Explorer is focused...
Hi, I’m Kris Krueger, the Test Lead for the developer platform in Internet Explorer.
When we announced the IE8 Release Candidate , the call to action for site owners, software developers, designers, and administrators was to test with the Release Candidate build and make any changes necessary to create the best possible customer experience with IE8. We stated that we would continue listening to feedback from the community, but would be very selective about the changes to the platform made from...
Internet Explorer 8 represents a leap forward in support for web standards. We believe that IE8 has the first complete implementation of CSS 2.1 in the industry and it is fully compliant with the current CSS 2.1 test suite.
The only way to know if a browser has correctly implemented a specification is to develop a comprehensive set of tests for the specification. Those tests are the best reference for how a browser will behave when you’re writing a web page.
Today, the IE Team is submitting...
Thank you to everyone who has provided the IE Team with feedback on IE8. Your dedication to making this product the best it can be is truly amazing. Here is an update on the feedback channels mentioned in IE8 Beta Feedback blog post back in March of 2008:
IE8 Technical Beta – We invited a group of beta testers, including anyone who emailed us, from around the world to test and submit issues on IE8 through Microsoft Connect .
Compared to feedback during IE7, we received a high percentage...
During Beta1 and Beta2 pre-releases of IE8, we’ve blogged about the performance optimizations done in the Script engine and the addition of new language features such as native JSON support . We also provided details about the JScript Debugger and the JScript Profiler –that shipped as part IE8 Developer Tools
One of the big pieces of feedback during our beta cycles was for compatibility, which, for JScript, meant focusing on how we version some of the language features we’re adding. As a result...
Just a quick reminder that we’ve got two great opportunities for you to interact with the IE team this week.
Tomorrow, March 25 th at 10.00 PDT/17.00 UTC is the Expert Zone chat . This is our first chat since IE8 released and we are excited to hear what you think and answer your questions.
Thursday, March 26 th is the Internet Explorer 8 FireStarter event . This is a full day of talks and discussions about IE8. Everyone is invited to attend either in person or via Live Meeting .
Thanks,...
Over the last year, we’ve published two posts about how the IE8 SmartScreen ® filter helps to prevent phishing and malware attacks. In this post, I’d like to share some real-world data on the protection provided to IE8 pre-release users by the anti-malware feature. We’ve invested heavily in this feature, and we’ve seen significant results.
Here are some key statistics:
We have delivered over 10 million malware blocks in the past six months
That’s a block for one out of 40 users, every...
Accelerators are a robust and customizable way of bringing you closer to the services you use most. We’ve said a lot about the technology behind Accelerators and how to build on it, but I thought it might be nice to step back for a minute and look at some of the things people have already built. So for the rest of this post, I’ll be throwing a few interesting Accelerators into the spotlight.
These are five Accelerators that I thought were notable in some way, either because they did something...
I’ve blogged about the Compatibility View features included in Internet Explorer 8 a few times during the Beta 2 and Release Candidate milestones. Now that Internet Explorer 8 has released, I wanted to follow-up with a quick post highlighting the content that’s been created on MSDN regarding the Compatibility View List.
To review, Internet Explorer 8 includes a suite of features under the umbrella term ‘Compatibility View’. These features give users a way to mitigate website compatibility problems...
2009/4
For those of you who didn’t make it to MIX, I wanted to take a quick minute to point out that the MIX team has made all of the sessions available for viewing and downloading. If you’re building any type of web site or web application, I’d highly recommend checking out Eric’s Security session and John’s performance session. Both will give you some great tips for writing better code, not just in Internet Explorer, but for browsers in general.
A Brief History Of The Web
http://windows.com...
In a previous post , Andy wrote about some of the new features we introduced to improve reliability in Internet Explorer, such as Loosely Coupled IE and Automatic Crash Recovery. These features help minimize the impact of reliability issues (such as crashes and hangs) once our users encounter them, allowing them to return to their original browsing state as soon as possible.
From an engineering perspective, our goal is to minimize the occurrences of these issues in the first place. In today’s...
For the past several months, I’ve had the unique pleasure of helping to diagnose a variety of web site compatibility problems. Now I realize that I just called debugging web site issues a “unique pleasure”—why? Because I was able to use IE8’s enhanced script error dialog and developer tools! I found that script errors are one of the most common web site compatibility issues—often the source of many visual discrepancies in the layout of a page. These errors raise a lot of questions. What can you do...
In January we blogged about our plan to distribute IE8 via Automatic Update/Windows Update (for simplicity, we'll refer to this as Automatic Update for the rest of this blog post). This post provides some additional information about how users and administrators are in control of browser upgrades.
Last week, we released IE8 via Automatic Update to users still running pre-release versions of IE8 (Beta 2 or Release Candidate 1). The goal was to make sure users who chose to install IE8 have the latest...
Yesterday was a significant milestone in the web’s continuing evolution—the announcement of ECMAScript, Fifth Edition Candidate Specification (formerly known as ECMAScript 3.1 back when I last mentioned it ); the “Candidate Specification” stage is the last stop on the road to becoming a final standard. Read more about it on the Jscript blog !
This is a great achievement and paves the way for enhanced web programming scenarios in all browsers. I’d also like to personally thank Allen and Pratap...
The IE Cumulative Security Update for April 2009 is now available via Windows Update or Microsoft Update .
This update addresses four privately reported vulnerabilities and two publicly disclosed vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer searches the system for files to load, performs authentication reply validation, handles transition errors when navigating between Web pages, and handles memory object. For detailed information...
Join members of the Internet Explorer team for an Expert Zone chat this Thursday, April 23 rd at 10.00 PST/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended our previous chats!
Other upcoming Expert Zone chat dates can be found here . If you can’t join us live, the transcript for all chats are available here .
Thanks! See you Thursday.
Allison Burnett Program Manager
I am a user interface tester on the Internet Explorer team and one of my favorite things about any application is the ability to personalize the program to give it your own look and feel.
I am never content with ubiquitous one-size–fits-all solutions and really look forward to products that value user choice. I’m excited that IE8 now has some personalization options and this cycle I have been fortunate to work on two such features – IE8 Look and Feel (customizations around the Command bar) and...
Do you read about Internet Explorer and related technologies on MSDN? We’ve recently reorganized the table of contents for the HTML/DHTML Overviews . We would like your feedback.
Hi! My name is Lance Leonard; I'm a Programmer/Writer on the Internet Explorer Developer Content team. I'm part of the team that’s responsible for the content on MSDN that relates to Internet Explorer, specifically HTML and CSS and Internet Explorer Development .
You may have noticed that we've added a lot of new content...
We are pleased to announce the availability of Internet Explorer 8 in 18 additional languages. Internet Explorer 8 is now available in a total of 43 languages.
List of NEW Internet Explorer 8 Languages:
Language
Code
Windows Vista
Windows Server 2008
Windows XP
X86
X64
X86
X64
X86
Bulgarian
BGR
Yes
Yes
Yes
Yes
Yes
Bosnian (Cyrillic)
BSC
Yes
-
...
The idea behind Accelerators has always been to reduce the distance between services and the end-user. Ideally, we’d like people to be able to select content, very quickly find the service they want to use, and then preview or execute the output of that service easily.
Because of that, we found it really important to make sure that nothing hinders users from finding the services they’re interested in. Of particular concern was the case of users with many installed Accelerators—trying to pick out...
2009/5
The sixth edition of the Security Intelligence Report (SIR), Microsoft’s semi-annual report on the state of computer security was published on April 8, 2009. Using data derived from hundreds of millions of computers worldwide and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in:
Software vulnerabilities (both in Microsoft software and in third-party software)
Software exploits
Security and privacy breaches
Malicious and...
As a follow-up to my prior blog post about Automatic Update/Windows Update distribution that began gradually in April, I want to provide an overview of the control users have over the installation and experience.
First, to reiterate what I explained last month: when offered by Automatic Update, IE8 will not automatically install- the user has control over whether to upgrade to IE8. When offered IE8, three choices are offered: Ask later, install, or don’t install. If one chooses “Ask me later”...
With the “final” release of IE8 for Windows Vista and other versions of Windows in several languages , we’ve been focused on finishing IE8 in Windows 7. We’ll blog soon about the updates in IE8 in the Windows 7 Release Candidate around the Windows 7-specific features , like tabs in the taskbar, jump list, and touch. Today’s post is about reliability and telemetry.
As in Win7, an important goal in IE8 was increasing reliability. For example, IE8 isolates crashing tabs from each other. If you’re...
As we described on Monday , the IE8 in Windows 7 RC includes additional tab “hang” reporting functionality. This functionality relies on a timer threshold to determine when a tab might be unresponsive. This threshold was calibrated based on data from internal Microsoft users.
As we began to look at data coming in from real-world Win7 RC users, we noticed that some users are being prompted to recover from hung tabs more frequently than some would like. We stated on Monday that if the data suggests...
Just wanted to get a post out to let people know that we’ve updated the IE VPC Test images. These images are meant to make it easier for you to ensure your website works properly across different browser versions and different operating systems without having to have a separate box dedicated to that particular OS. You can download them via the IE Developer Center or more directly through the Microsoft Download Center . As a reminder, you need to have Virtual PC installed on your computer which is...
For Internet Explorer 8, we’ve made browser session handling a lot simpler. For instance, say you want to have two Hotmail windows open, each logged into a different account. Simply click the New Session item on the File menu, and a new browser window will open. The new browser window will not share session cookies with the original browser window, so you can log into Hotmail (and most web applications) as a different user. For command line junkies, you can run iexplore.exe with the -nomerge parameter...
When designing Accelerators for IE8, we had a number of scenarios in mind. Primarily, we looked at the all-too-common user pattern of copy-navigate-paste and decided we could save our users a lot of time and frustration by enabling some sort of contextual interaction between content and services. For example, the classic example is mapping—the user finds an address buried in a page, and instead of having to navigate to a mapping service, can receive the map inline via a preview window:
We...
This post walks through the IE setup experience and the choices it offers users. There have been a bunch of web postings recently that have described aspects of IE setup and first run, not entirely accurately. We hope this information clarifies some of your questions about upgrading to IE8 on Windows Vista or Windows XP machines. (While the scenario where IE8 gets installed as part of Windows 7 is essentially the same, this post is focused on the upgrade scenarios that most users will encounter today...
Hi again! I’m Helen Drislane, a Program Manager on the IE team and I will be discussing how IE integrates into the new Windows 7 taskbar.
Since the new taskbar was completely redesigned to improve window management, I will first describe the new behavior of the taskbar, then talk about how IE takes advantage of that behavior, and then wrap it up by answering some of the common questions we get asked about IE and the new taskbar.
THE NEW TASKBAR BEHAVIOR
As Chaitanya describes in great detail...
Our typical posts here are original information about the product from the people who built the product. This morning, I ran across a well-written article from PC Magazine with “some tips about features that you may not have noticed” in IE8.
We try to post a lot of useful information on this site (e.g. Session Cookies, sessionStorage, and IE8 or “How can I log into two webmail accounts at the same time?” ) and it’s both exciting and humbling to see professional writers take it a step further....
This post is intended for IT administrators, but more technical users might also find it useful.
During Internet Explorer 8 development we paid very close attention to Line of Business (LOB) application compatibility for large enterprises. We want IE8 to be an easy drop-in replacement for earlier versions of IE, so that all users can benefit from the improved speed, security and ease of use of IE8.
Like Microsoft, your organization probably depends on a very large number of Line of Business...
We are pleased to announce the availability of Internet Explorer 8 Multilingual User Interface (MUI) packs for Windows XP SP2, Windows XP SP3, and Windows Server 2003 SP2. The MUI packs can be downloaded from here :
Windows XP
Windows XP Professional x64
Windows Server 2003 x86
Windows Server 2003 x64
As detailed in our previous blog post , the following Internet Explorer MUI packs shipped today –
Internet Explorer 8 MUI pack applicable to Windows XP x86 and Windows Server...
As display technologies advance and the world begins to fully embrace accessibility on the web, the Zoom and High DPI experience of all browsers has become increasingly important. This is the first in a series of posts describing changes and improvements to Internet Explorer 8 to enable a more readable web on today’s displays. In this post, we’ll focus on enhancements to the Zoom user experience.
How to Use Zoom
First, let’s review how to take advantage of Zoom in Internet Explorer 8. Internet...
The May IE Chat has been rescheduled for Thursday, May 28 st at 10.00 PST/17.00 UTC. We apologize for any inconveniences.
As always transcripts of previous chats are available here .
See you next week!
Allison Burnett Program Manager
Introduction
The writing-mode property enables text layout for non-Latin languages like Japanese and Arabic. Supported in IE since release 5.5, this property has been significantly updated in IE8. Our goals were threefold:
To make its behavior more predictable for developers
To align with relatively newer CSS concepts like shrink-to-fit sizing
To further the CSS3 Text Layout module by providing the first implementation.
This post walks through the basics of the new implementation...
2009/6
We are pleased to announce the availability of Internet Explorer 8 in 20 additional languages today. Internet Explorer 8 is now available in a total of 63 languages! Please visit our World wide sites page to download Internet Explorer in your preferred locale/ language.
List of NEW IE8 languages
Language
Code
Windows Vista x86
Windows XP x86
Albanian
SQI
Yes
Yes
Assamese
ASM
Yes
-
Basque
EUQ...
The IE Cumulative Security Update for June 2009 is now available via Windows Update or Microsoft Update .
This update addresses seven privately reported vulnerabilities and one publicly disclosed vulnerability. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles scripts, cached content, and initializes memory. For detailed information on the contents of this update, please see the following documentation:
Microsoft Security Bulletin MS09...
During the IE8 beta periods, we unveiled a bunch of exciting new changes to the address bar. Throughout the beta period, we observed how the feature was being used and listened to your feedback. Two major themes developed from this feedback: performance, and control.
Performance
Although the Smart Address bar performance during the beta periods was acceptable for the most part, in some cases the address bar performed a bit slowly, and sometimes incredibly slowly. We made several changes under...
Join members of the Internet Explorer team for an Expert Zone chat this Thursday, June 18 th at 10.00 PST/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended our previous chats!
If you can’t join us live, the transcript for all chats are available here .
Thanks! See you Thursday.
Allison Burnett Program Manager
I’ve mentioned in several previous posts how Internet Explorer 8 displays pages in its most standards compliant mode by default – a configuration that emphasizes interoperability. This creates some challenges with regards to compatibility with existing web content.
Some of today’s web pages expect the older, less interoperable behavior from IE and, as a result, don’t necessarily work as expected in IE8’s standards-by-default mode. To address this, we built features like Compatibility View and...
There have already been a few posts on Compatibility View in Internet Explorer 8 ( here , here , here , here , here , and here ), but none have gone into detail about the user research data we used to help design this feature. We collected data on Compatibility View throughout the IE8 beta releases and have made multiple decisions about its design based on our data from lab studies, field studies, instrumentation, and community feedback. What I’d like to do is go through some common questions we...
Recently, a number of people have asked me what I think about Mozilla’s Content Security Policy draft spec. Back in January, I went on record as being someone who thinks that CSP is a good idea.
CSP is a mechanism for declarative security , whereby a site communicates its intent and leaves it up to the user-agent to determine how to enforce it.
There are a number of benefits to declarative security mechanisms:
Reduced compatibility risks. Because sites must opt-in and declare what, if...
We are pleased to announce the availability of Internet Explorer 8 on Windows XP for 5 additional languages today. These languages were tagged as “Coming Soon” in our blog post early June . Please visit our World wide sites page to download Internet Explorer in your preferred locale/ language.
Languages newly available on Windows XP:
Telugu
Malayalam
Punjabi (India)
Kannada
Bengali (India)
For reference, here’s a table with the full list of IE8 availability:
...
For those of you who manage your organization’s desktops using Windows Server Update Services (WSUS) Internet Explorer 8 will be made available via this technology starting August 25, 2009. Internet Explorer 8 will be made available as an “Update rollup” and will be applicable to all supported languages .
Is my organization affected?
If your organization uses WSUS and has it configured to auto-approve Update rollup packages, upon acceptance of the Internet Explorer 8 End User License Agreement...
2009/7
Hi, I am Michael Benny, a tester on networking in Internet Explorer. During the Internet Explorer 8 development cycle I was responsible for verifying many of the pieces of Compatibility View. We have discussed earlier about how the Compatibility View feature works and the steps a site author can take to ensure the Compatibility View button never displays for IE8 users visiting your site. There is another scenario that we have not yet covered, if my site was already added by an End-user to their Compatibility...
Background
As a part of the July security bulletin , Microsoft yesterday released an update to mitigate a vulnerability in the “Microsoft Video” ActiveX control. This control contained a stack-based buffer overflow which could be exploited by a malicious web page.
If you haven’t yet done so, please make sure you’ve installed the latest updates from WindowsUpdate to help keep your system secure.
The Microsoft Video control should not have been marked as safe because it wasn’t intended for...
This blog post details a change we’re making to IE8’s first run experience, previously described in other posts here and here . The goal of the IE setup experience is to put IE users in control of their settings and respect existing defaults. IE will never install, or become the default browser without your explicit consent. However, we heard a lot of feedback from a lot of different people and groups and decided to make the user choice of the default browser even more explicit. This change is part...
Browser add-ons are a great way to enhance the experience and capabilities of your Web browser. Add-ons are loaded by IE when you open a new browser window or tab. This is usually a quick process, but certain add-ons may cause IE to take a longer time than expected. For example, after installing Skype 4.1*, this user (and his father) encountered a slowdown in IE on their computers. Just like most of you, almost everybody on the IE team is tech support for their parents, so improving the user's ability...
I’ve written a few posts about the Microsoft-supplied Compatibility View List on the IEBlog, calling out the what, how, and why of the feature. I wanted to take this opportunity to bring the community up to speed on what’s transpired since Internet Explorer 8 released back in March of this year and talk a little bit about the future actions planned for the list.
The Story So Far…
Let’s start with a quick recap of the feature... by default Internet Explorer 8 displays web content using its newest...
I’d like to invite you to check out the new tutorials added to the Developer Tools content . These tutorials are written to help you quickly learn how to use the Developer Tools to solve Web page issues. Each tutorial is set up to focus on a programming problem to solve, such as changing text on the page, update a CSS class, or inspect a Jscript variable. You can follow the step-by-step instructions provided to learn how to use the Developer Tools to solve these and similar problems.
Hi, my name...
Internet Explorer is releasing an out-of-band update available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.
This update addresses three privately reported vulnerabilities which could allow remote code execution. The security update addresses the vulnerability by modifying the way...