IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

Tagged Content List
  • Blog Post: Compressing the Web

    Be succinct. Virtually any network-based application can be made faster by optimizing the number of bytes transferred across the network. Taking advantage of caching is a great way to minimize transfer sizes, but just as important is to reduce the size of the resources you transfer. Data compression...
  • Blog Post: Pushing the Web Forward with HTTP/308

    Recently, the IESG approved publication of a new Internet-Draft defining the HTTP/308 status code (Intended Status: Experimental). This status code is defined as the "Permanent" variant of the existing HTTP/307 status code. Recall that HTTP/307 was defined back in 1999 to remove the ambiguity around...
  • Blog Post: The Hazards of Browser Quirks, continued

    My First Law of Browser Quirks was introduced a while ago: If there’s a way for a site to take dependency on a browser quirk, and break if that quirk is removed, it will happen. The Second Law of Browser Quirks is: If there’s a way for a site to combine a set of browser quirks to yield...
  • Blog Post: HTTP Methods and Redirect Status Codes

    This crossed my Twitter stream earlier today: I’m not sure why we need a public service announcement to notify folks that Internet Explorer is behaving properly, but I guess there’s no harm in that. However, based on the lack of information provided, and the implication that this...
  • Blog Post: Understanding Once-Per-Session Cache Validation

    Last year, I wrote about the IE9 improvements in heuristic expiration, which apply when a server fails to specify how long a cached resource should be treated as fresh. Heuristic Expiration works by calculating an implicit freshness lifetime from the Last-Modified timestamp on the cached resource and...
  • Blog Post: Download Resumption in Internet Explorer

    While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection dropped). One of the significant...
  • Blog Post: Proper Content-Type Header Syntax

    I’ve previously mentioned one site that wasn’t working properly due to sending a malformed Content-Type header. Today, I encountered another site with a similar problem, but in a subtly different way. Looking at the IE9 F12 Network tab, you can see the problem: As you can see...
  • Blog Post: Beware Cookie Sharing in Cross-Zone Scenarios

    Note: I mentioned this problem before (Troubleshooting Login Cookies #3) but it was buried in a long post and this is an issue that lots of folks inside Microsoft hit, so I’m pulling it out into its own post. The Problem From time to time, various users have complained to the IE team that...
  • Blog Post: Content-Length in the Real World

    Earlier in IE9, we tried to change the WinINET networking component to reject as incomplete any HTTP responses for which the Content-Length header specified more bytes than the server actually sent back. It turns out that some sites and applications expect to be able to specify an incorrect Content...
  • Blog Post: IE9 Compatibility: Proper Use of the Charset Token

    Recently, during site-compatibility testing of IE9, we encountered a cool online game that does not load properly in Internet Explorer. Using the F12 Developer Tools’ Script debugger, the page immediately hits a script error (“c00ce56e”) while loading: A quick search on...
  • Blog Post: Controlling the XSS Filter

    Internet Explorer 8 included a novel new feature to help prevent reflected cross-site scripting attacks, known as the XSS Filter. This filter runs by default in the Internet, Trusted, and Restricted security zones. Local Intranet zone pages may opt-in to the protection using the same header: X-XSS-Protection...
  • Blog Post: Challenge-Response Authentication and Zero-Length Posts

    From time-to-time, web developers contact the IE team reporting that they’ve encountered a problem whereby Internet Explorer submits a POST but fails to transmit the content body. This bodyless POST indicates via the Content-Length header that the POST is zero-bytes long, regardless of how much...
  • Blog Post: The Hazards of Relying upon Browser Quirks

    While many web developers find subtle browser behaviors baffling, often browser developers are bewildered by web content. Yesterday, we ran into an interesting site compatibility problem that occurs in the latest internal version of IE9. The site in question is a popular site which uses a Flash applet...
  • Blog Post: Friendly HTTP Error Pages

    Internet Explorer 5 and later will show a “Friendly” HTTP Error page if the server returns certain HTTP Error status codes with a short message body. The intent is to replace a terse server message like this one: ...with a page which may be slightly more helpful to the average user...
  • Blog Post: Downloads and International Filenames

    A few times a year, I get a question about Internet Explorer's behavior when it comes to downloading files that have non-ASCII characters in the filename, because different browsers have different behavior when handling such files. The server can suggest the name for a file download in one of two...
  • Blog Post: The Performance Impact of META REFRESH

    Some sites will utilize the META REFRESH directive to perform a client-side redirection. In general, this should be avoided in favor of other redirection types, for instance, a server-side redirection (HTTP/3xx) or by using JavaScript. Using META REFRESH creates a potential performance problem in IE...
  • Blog Post: COMET Streaming in Internet Explorer

    The request/response nature of HTTP works very well for traditional web pages, but to build dynamic AJAX applications, it’s often desirable for the server to be able to send data to the client on its own schedule. You could imagine, for instance, scenarios like an online game, or an event viewer...
  • Blog Post: Using Meddler to Simulate Web Traffic

    As mentioned back in July, IE8’s new lookahead downloader has a number of bugs which cause it to issue incorrect speculative download requests. The “BASE Bug” caused the speculative downloader to only respect the <BASE> element for the first speculatively downloaded script...
  • Blog Post: Internet Explorer Cookie Internals (FAQ)

    Over the five years I’ve worked on Internet Explorer, I’ve probably seen more questions from the community about HTTP cookies than on any other topic. Cookies are an integral component of most websites in use today, and hence problems or unexpected behaviors with cookies tend to get a lot...
  • Blog Post: Internet Explorer's Cache-Control Extensions

    Some time ago, I wrote a summary of how Internet Explorer’s cache works. At the time, I left out mention of the two cache-control directives introduced by IE5: pre-check and post-check. These directives enable a “background update” mechanism where a cached resource is reused while...
  • Blog Post: IE and the Accept Header

    RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case...
  • Blog Post: Internet Explorer and Custom HTTP Headers

    Someone recently asked me for a list of custom HTTP request and response headers introduced by the IE team over the years. Here's the list I've come up with so far (including a few that were introduced before I joined the team): Request Headers UA-CPU Allows a website to determine what CPU...
  • Blog Post: HTTP/HTTPS Port-Blocking in WinINET

    Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use a HTML form to send a request to an unprotected mail...