IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

Browse by Tags

Tagged Content List
  • Blog Post: Braindump: Feature Control Keys and URLActions

    Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that these posts will contain errors, but I also expect...
  • Blog Post: Enhanced Protected Mode and Local Files

    Ordinarily, Internet Explorer loads local HTML files in the Local Machine Zone. Locally-loaded HTML files are subject to the Local Machine Lockdown feature which prevents pages from running active content like JavaScript or ActiveX controls, showing the following notification: In order to...
  • Blog Post: Brain Dump: Random Tidbits

    This post contains random IE-related tidbits for which there’s either not enough material or time to write a full post. I expect to revisit and expand this list from time to time. Case-Sensitivity in Cross-Frame Scripting of File URIs Same-Origin-Policy controls how script running in web...
  • Blog Post: Same Origin Policy Part 2: Limited Write

    In Part 1 of this series, I described how Same Origin Policy prevents web content delivered from one origin from reading content from another origin. (If you haven’t read that post yet, please do start there.) In today’s post, we’ll look at what restrictions are placed on writing...
  • Blog Post: Sharpen the Saw

    Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in cash , kids, this was before credit cards got popular...
  • Blog Post: Internet Explorer 9.0.2 Update

    Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of KB2559049 . One fix enables the IE9 Download Manager...
  • Blog Post: A Security Prompt that makes you go “Huh?”…

    Every few months, a Microsoft employee will send me an email complaining that Internet Explorer showed them the following dialog: This page is accessing information that is not under its control. This poses a security risk. Do you want to continue? …and they don’t understand...
  • Blog Post: Controlling ActiveX in Internet Explorer

    In today’s post, I’ll provide a high-level overview of features in Internet Explorer that impact the loading of ActiveX controls. Internet Explorer 6 and later allow the user to enable or disable ActiveX controls on an individual basis using the Manage Add-ons screen. Internet...
  • Blog Post: Understanding Local Machine Zone Lockdown

    Recently, a colleague sent me an email which provided a flashback into my own past: Hey, Eric-- Why do we show this when opening HTML locally? What are we protecting the user from? -Ben I myself had sent an email with almost the same text nearly seven years ago, and the surprisingly...
  • Blog Post: XDomainRequest - Restrictions, Limitations and Workarounds

    Update : Internet Explorer 10+ supports CORS using XMLHTTPRequest . You should prefer that object over the legacy XDomainRequest object. In Internet Explorer 8, the XDomainRequest object was introduced. This object allows AJAX applications to make safe cross-origin requests directly by ensuring that...
  • Blog Post: The User-Agent String: Use and Abuse

    When I first joined the IE team five years ago, I became responsible for the User-Agent string. While I’ve owned significantly more “important” features over the years, on a byte-for-byte basis, few have proved as complicated as the “simple” UA string. I ( and others...
  • Blog Post: Understanding Domain Names in Internet Explorer

    Web browsers use domain names for a variety of purposes, but how they’re used is much more complicated than most developers realize. In this post, I’ll attempt to cover the most important aspects of this topic. Definitions When talking about “domains” the terminology alone...
  • Blog Post: Same Origin Policy Part 1: No Peeking

    Despite its role as the cornerstone of web application security, it’s clear that many (most?) web professionals do not understand Same Origin Policy (SOP), or hold one or more misconceptions about what SOP requires. It’s a big topic, and I don’t plan to address it all on this quiet...
  • Blog Post: Slowing Down: Disabling the Accelerator icon

    We've had a few folks write to the IEBlog asking " How can I disable the little blue accelerator icon that appears when text is selected in a HTML page? " For end users, the answer is straightforward: Click Tools > Internet Options > Advanced , and untick Display Accelerator button on selection...
Page 1 of 1 (14 items)