IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

Browse by Tags

Tagged Content List
  • Blog Post: Script Polyglots

    Lately, there’s been a resurgence of interest in hiding script inside files of other types; sometimes this is known as a polyglot file . On Twitter, there’s been some excitement about a new tool that creates GIF/JavaScript polyglots. As you can see in the example provided in the aforementioned...
  • Blog Post: Downloading ZIP-Based Formats

    More and more file formats are based on the ZIP format . The Open Packaging Conventions use ZIP as a base format, and that means frameworks like .NET’s System.IO.Packaging also generate files that are valid ZIP files. The Office 2007+ formats are ZIP-based, and more personally, Fiddler ’s...
  • Blog Post: Understanding Once-Per-Session Cache Validation

    Last year, I wrote about the IE9 improvements in heuristic expiration , which apply when a server fails to specify how long a cached resource should be treated as fresh. Heuristic Expiration works by calculating an implicit freshness lifetime from the Last-Modified timestamp on the cached resource and...
  • Blog Post: First IE9 Update Now Available

    As announced over on the IEBlog , the first update for IE9 is now available. When this update is installed, the IE Help > About screen will indicate that the IE version is 9.0.1. Please note that this is a display only change and it is not reflected in the User-Agent String, Conditional...
  • Blog Post: Download Resumption in Internet Explorer

    While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection dropped). One of the significant...
  • Blog Post: Consent and Browser Refreshes

    Modern browser APIs like the GeoLocation API are designed to have an asynchronous consent experience, whereby the API simply will not undertake a privileged action until the user consents. Unfortunately, many browser features like popup windows and ActiveX controls were designed before privilege limitations...
  • Blog Post: Socially-Engineered XSS Attacks

    When the IE team talks about Cross-Site-Scripting (XSS) attacks, we’ve usually grouped them into three categories Type 0: DOM-based XSS Type 1: “Reflected” XSS Type 2: Persistent/Stored XSS DOM-APIs like toStaticHTML enable pages to protect themselves against Type...
  • Blog Post: Browser Helper Objects for Windows Explorer

    Thanks to TuxExplorer for reminding me to blog about this. Both Windows Explorer and Internet Explorer are able to load extensions known as Browser Helper Objects (BHOs). BHOs are a minimal extensibility point into both the shell and the browser, allowing extensions to sync to events and react accordingly...
  • Blog Post: Everything you need to know about Authenticode Code Signing

    In today’s post, I’ll be discussing the use of Authenticode to sign software programs; this post will be of interest primarily to software developers. Large software companies (like Microsoft) often have an entire team dedicated to the code-signing and release process, but even (especially...
  • Blog Post: IE9 Final RTW Minor Changes List

    This is the third and last post in the Minor Changes series; it covers changes in the final Release-to-Web (RTW) version of Internet Explorer 9. IE9 Beta Minor Changes List IE9 Release Candidate (RC) Minor Changes List The Release Candidate was Platform Complete, meaning that the Internet...
  • Blog Post: File Upload and Download Limits

    Over the last few years, we’ve had a few questions about WinINET’s limits for file upload and download. I’ve summarized those limits in the following table: Upload (total size) Download (per file) Internet Explorer 6 2gb 2gb...
  • Blog Post: IE9 No-Reboot Setup and the Windows Restart Manager

    On Windows 7, Internet Explorer 9 can often be installed without rebooting the system. In cases where a system restart is required, either the system lacks one of the required prerequisites (so IE Setup is forced to install it and reboot) or a running program or service is holding one of Internet Explorer’s...
  • Blog Post: IE9 RC Minor Changes List

    Back in September, I published a list of minor changes in IE9 Beta . In today’s post, I will provide an updated list of things that have changed in the IE9 Release candidate. Note: This list also includes a few changes that were present in Beta that I didn’t mention at that time. Of course...
  • Blog Post: IE9 RC Now Available

    The Release Candidate of Internet Explorer 9 is now available . I’ll be posting my IE9 RC Minor Changes list sometime in the next week—we’ve made a ton of improvements since beta, and I’m excited to talk about all of them. For now, I’ve just posted an article on the Fiddler...
  • Blog Post: File Download and Filenames

    Several months ago, I blogged about IE’s support for International Filenames on Downloads . Today’s post is a bit simpler and describes two cases when IE may rename downloaded files. Filename Extension and QueryString Parameters If a file download HTTP response does not contain a Content...
  • Blog Post: IE9 Beta Minor Changes List

    In every release of the browser, we make many major feature investments, most of which you can read about in posts over on the IEBlog . However, we also make thousands of small improvements that are often overlooked or not broadly recognized. In this post, I will provide a partial list of some of these...
  • Blog Post: Downloads and International Filenames

    A few times a year, I get a question about Internet Explorer's behavior when it comes to downloading files that have non-ASCII characters in the filename, because different browsers have different behavior when handling such files. The server can suggest the name for a file download in one of two...
  • Blog Post: HTTPS Caching and Internet Explorer

    From time-to-time, I get questions about Internet Explorer’s behavior when it comes to caching of HTTPS-delivered content. It comes as a surprise to many that by-default, all versions of Internet Explorer will cache HTTPS content so long as the caching headers allow it . If a resource is sent...
  • Blog Post: IE8 Lookahead Downloader Fixed

    Background Last year, I wrote about two bugs in IE8’s Lookahead Downloader that would cause IE8 to make spurious download requests for non-existent URLs. These spurious download requests generally went unnoticed by users, because the main parser would eventually retrieve the correct resource when it...
  • Blog Post: Understanding SmartScreen Blocking

    I’ve received a few emails recently, asking “Why is SmartScreen blocking my newspaper’s website?” Usually, the person asking assumes that, because they trust and regularly visit the website in question, this must be a false positive in SmartScreen. The reality is a bit more complicated, and a bit...
  • Blog Post: Use Sensible Long-Lived Cache headers

    As some of you might expect, I watch all of my network traffic when I browse the web—you never know when you’ll see something interesting. This afternoon, for example, my curiosity was piqued when I noted that as I browsed around the Zune website, my browser issued conditional HTTP requests...
  • Blog Post: In-Place Shell Navigation with the WebBrowser Control on Windows 7

    Because the WebBrowser Control (WebOC) can be used to display a wide range of content (HTML, Office Documents, PDFs, the local file-system, etc) it is often integrated into applications as a somewhat generic object hosting surface. For Windows 7, a small change was made that will impact applications...
  • Blog Post: Inline AutoComplete

    Internet Explorer 8 removed support for one of my favorite browser features: Inline AutoComplete (IAC) for the address bar. This feature was off-by-default, but for almost a decade the first thing I did when setting up a new computer was enable IAC using the checkbox Tools > Internet Options >...
  • Blog Post: The User-Agent String: Use and Abuse

    When I first joined the IE team five years ago, I became responsible for the User-Agent string. While I’ve owned significantly more “important” features over the years, on a byte-for-byte basis, few have proved as complicated as the “simple” UA string. I ( and others...
  • Blog Post: Internet Explorer Cannot Download https://something

    Earlier today, I was asked to troubleshoot a secure site where file downloads were always failing . Having seen this problem many times often over the years, I immediately suspected that the web developer wasn’t aware that if a user tries to download * a file over a HTTPS connection, any...
Page 1 of 2 (32 items) 12