Recently, there was a blog post which described a browser security feature as " like a seat-belt that snaps when you crash ." This wasn’t a particularly noteworthy event because similes are pretty common in our field. Almost e veryone likes similes...

My First Law of Browser Quirks was introduced a while ago : If there’s a way for a site to take dependency on a browser quirk, and break if that quirk is removed, it will happen . The Second Law of Browser Quirks is: If there’s a way for a...

Recently, someone attempted to download a deprecated version of the Windows Script debugger . This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me...

This morning, someone asked me to look into a site-compatibility problem on a HTML5 demo site. When loading the site into IE9 and IE10, the F12 Developer Tools’ Script Debugger showed the following error: Now, obviously, IE does support...

This crossed my Twitter stream earlier today: I’m not sure why we need a public service announcement to notify folks that Internet Explorer is behaving properly, but I guess there’s no harm in that. However, based on the lack of...

Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in...

Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of...

8.4% of all hangs in IE9 in the past month are caused by XMLHttpRequest objects blocking the UI thread with a synchronous request. http://blogs.msdn.com/b/wer/archive/2011/08/03/why-you-should-use-xmlhttprequest-asynchronously.aspx If your page...

Over on StackOverflow , danimajo asked for help in an interesting scenario. Basically, he’s trying to drive Internet Explorer through automation, but finds that when he navigates to an Intranet site, the hidden browser instance appears and he can...

To ensure optimal performance and reliability when rendering pages, you should order the elements within the HEAD element carefully. First, I’ll explain the optimal order, and then explain the reasoning for this structure. Optimal Head Ordering...

For over a decade, Internet Explorer has enabled developers to extend the browser with new URL protocol schemes. These protocols can be one of two types: Asynchronous Pluggable Protocols - COM objects that implement the IInternetProtocolRoot interface...

Inside Internet Explorer’s Tools > Internet Options > Advanced dialog, there’s an option named Enable Integrated Windows Authentication : This preference is stored using a REG_DWORD named EnableNegotiate inside HKCU\Software...

I continue to be amazed at how often site-compatibility issues turn out to have a root cause related to User-Agent sniffing. For instance, earlier this year, someone wrote into the comments section on one of my posts noting that the HTML5 canvas art...

Today’s batch of Windows Updates included a “Recommended” update to improve the rendering of certain fonts at small sizes (8-10pt). The updated versions of Arial, Verdana, and Tahoma fonts include new hinting logic that renders more...

Last year, I wrote about the IE9 improvements in heuristic expiration , which apply when a server fails to specify how long a cached resource should be treated as fresh. Heuristic Expiration works by calculating an implicit freshness lifetime from the...

As announced over on the IEBlog , the first update for IE9 is now available. When this update is installed, the IE Help > About screen will indicate that the IE version is 9.0.1. Please note that this is a display only change and it is...

While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection...

Modern browser APIs like the GeoLocation API are designed to have an asynchronous consent experience, whereby the API simply will not undertake a privileged action until the user consents. Unfortunately, many browser features like popup windows and ActiveX...

Microsoft’s Security Research and Defense team has released an updated version of their Enhanced Mitigation Experience Toolkit , a tool that allows the application of enhanced security mitigations around the application of your choice. While...

When the IE team talks about Cross-Site-Scripting (XSS) attacks, we’ve usually grouped them into three categories Type 0: DOM-based XSS Type 1: “Reflected” XSS Type 2: Persistent/Stored XSS DOM-APIs like toStaticHTML...

Over on SuperUser , there’s a great explanation of how Windows determines whether a newly-connected network has a proper Internet connection, or whether the user should open a browser to login or click through a Terms of Use agreement. The general...

I’ve worked on the Internet Explorer team for six+ years, and on web sites for a decade longer, so I’m understandably excited when I come across a browser behavior I can’t explain. Last week, I encountered such a mystery, and it took...

Recently, there’s been some interest in how to control the use of Java within Internet Explorer. Java is a unique form of extensibility because it can be invoked in two ways: Using an APPLET element Using an OBJECT element with a CLSID...

KB 262161 outlines the maximum number of stylesheets and rules supported by Internet Explorer 6 to 9. A sheet may contain up to 4095 rules A sheet may @import up to 31 sheets @import nesting supports up to 4 levels deep Some folks have...

Internet Explorer has an Advanced option named Do not save encrypted pages to disk . By default, this option is unchecked (except for Windows Server systems) and I recommend you leave it that way. In IE9, this option does exactly what it says...