IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

Browse by Tags

Tagged Content List
  • Blog Post: Compressing the Web

    Be succinct. Virtually any network-based application can be made faster by optimizing the number of bytes transferred across the network. Taking advantage of caching is a great way to minimize transfer sizes, but just as important is to reduce the size of the resources you transfer. Data compression...
  • Blog Post: Strict Transport Security

    Ivan Ristic’s meticulously researched Bulletproof SSL & TLS book spurred me to spend some time thinking about the HTTP Strict Transport Security (HSTS) feature under development by the Internet Explorer team and already available in other major browsers . HSTS enables a website to opt-in to...
  • Blog Post: RFCs for HTTP/1.1 Updated

    After years of effort, the HTTPBIS working group of the IETF has completed revisions of the venerable RFC2616 that defines the HTTP/1.1 protocol. These revisions clarify ambiguous sections of the original, deprecate problematic features, and reflect real-world implementation experiences. There’s...
  • Blog Post: IE11 Changes

    In the past, I’ve published “Minor changes” lists for IE9 and IE10 . The goal of those lists was to briefly document changes that might not be recorded elsewhere. This time around, I’m aiming to provide broader coverage of changes in IE11, including major new features and APIs...
  • Blog Post: Brain Dump: International Text

    Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that these posts will contain errors, but I also expect...
  • Blog Post: Same Origin Policy Part 2: Limited Write

    In Part 1 of this series, I described how Same Origin Policy prevents web content delivered from one origin from reading content from another origin. (If you haven’t read that post yet, please do start there.) In today’s post, we’ll look at what restrictions are placed on writing...
  • Blog Post: Pushing the Web Forward with HTTP/308

    Recently, the IESG approved publication of a new Internet-Draft defining the HTTP/308 status code (Intended Status: Experimental). This status code is defined as the "Permanent" variant of the existing HTTP/307 status code. Recall that HTTP/307 was defined back in 1999 to remove the ambiguity around...
  • Blog Post: HTTP Methods and Redirect Status Codes

    This crossed my Twitter stream earlier today: I’m not sure why we need a public service announcement to notify folks that Internet Explorer is behaving properly, but I guess there’s no harm in that. However, based on the lack of information provided, and the implication that this...
  • Blog Post: Download Resumption in Internet Explorer

    While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection dropped). One of the significant...
  • Blog Post: Blog Roll

    These days, I struggle to find time to keep up with all of the tech news, but there are a few streams I make a special effort to stay on top of. Ex-Internet Explorer Dave Risney posts items of interest about URIs, web standards, FiddlerCore and myriad other interesting goodies over on his blog . ...
  • Blog Post: Proper Content-Type Header Syntax

    I’ve previously mentioned one site that wasn’t working properly due to sending a malformed Content-Type header. Today, I encountered another site with a similar problem, but in a subtly different way. Looking at the IE9 F12 Network tab, you can see the problem: As you can see...
  • Blog Post: IE9 Standards Mode Accepts only text/css for stylesheets

    I recently encountered a blog that isn’t looking right in IE9: The site renders just fine in other browsers, and when the page is put into Compatibility View by ticking the icon in the address bar: What’s going on here? It’s clear that a stylesheet isn’t...
  • Blog Post: Cross-Browser Interop and the HTML5 Canvas

    Technical Evangelist Giorgio Sardo just published a great post about HTML5 Canvas, responding to some concerns about bugs in the IE9 Beta. The post also takes a quick look at cross-browser interop for the Canvas object. It’s definitely worth the read: http://blogs.msdn.com/b/giorgio/archive...
  • Blog Post: XDomainRequest - Restrictions, Limitations and Workarounds

    Update : Internet Explorer 10+ supports CORS using XMLHTTPRequest . IE11 deprecates the XDomainRequest object and it is not available in IE11 Edge mode. In Internet Explorer 8, the XDomainRequest object was introduced. This object allows AJAX applications to make safe cross-origin requests directly...
  • Blog Post: COMET Streaming in Internet Explorer

    The request/response nature of HTTP works very well for traditional web pages, but to build dynamic AJAX applications, it’s often desirable for the server to be able to send data to the client on its own schedule. You could imagine, for instance, scenarios like an online game, or an event viewer...
  • Blog Post: Understanding Domain Names in Internet Explorer

    Web browsers use domain names for a variety of purposes, but how they’re used is much more complicated than most developers realize. In this post, I’ll attempt to cover the most important aspects of this topic. Definitions When talking about “domains” the terminology alone...
  • Blog Post: HTML5 Implementation Issues in IE8 (and later)

    IE8 introduced support for some of the more stable features in the HTML5 spec. However, web developers have reported some problematic scenarios in IE8's support for these features, as described below. 1. postMessage only works for IFRAMES/FRAMES The HTML5 postMessage function provides a great way...
  • Blog Post: Same Origin Policy Part 1: No Peeking

    Despite its role as the cornerstone of web application security, it’s clear that many (most?) web professionals do not understand Same Origin Policy (SOP), or hold one or more misconceptions about what SOP requires. It’s a big topic, and I don’t plan to address it all on this quiet...
  • Blog Post: Internet Explorer Cookie Internals (FAQ)

    Over the five years I’ve worked on Internet Explorer, I’ve probably seen more questions from the community about HTTP cookies than on any other topic. Cookies are an integral component of most websites in use today, and hence problems or unexpected behaviors with cookies tend to get a lot...
  • Blog Post: IE8's Native XMLHttpRequest Object Restrictions, Bugs, and Notes

    Protocol Restriction Internet Explorer's native XMLHTTPRequest object permits requests to HTTP and HTTPS only; requests to FILE, FTP, or other URI schemes are blocked. Update : IE10 XHR supports CORS . Method Restriction The object permits only the following HTTP methods: "GET", "POST", "HEAD", "PUT...
  • Blog Post: Q&A: Rendering Mode for Web Browser Controls (WebOCs)

    Q: Eric, you mentioned that the IE8 Web Browser Control, hosted in Forms / WPF, runs in IE7 emulation mode by default. Is there a way to turn the emulation mode off and have the control work in "real" IE8 mode? A: Yes. This is controlled by a feature control key. See Matt Crowley's post on Rendering...
  • Blog Post: IE and the Accept Header

    RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited to a small set of desired types, as in the case...
  • Blog Post: Thoughts on Declaring Security Policies

    My thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog. I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific to CSP. I hope to make a number of posts on this topic...
  • Blog Post: CSS History Probing, or: "I know where you went last week"

    Background One of the interesting attacks which makes the rounds every few years concerns the ability of web pages to use CSS to detect whether or not certain URLs have been visited. Given a sufficiently large set of URLs to probe, a website may be able to develop an interesting profile of where your...
Page 1 of 1 (24 items)