IEInternals

This blog is closed as of 2/2015. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14.

  • IEInternals

    Building Custom Search Providers for IE's Search box

    • 7 Comments
    When the Internet Explorer team first introduced the Search Box next to the address bar in IE7, we also introduced an easy way for users to install search engines offered by websites that they visit. Users who want to add a site's search engine to the...
  • IEInternals

    Same Origin Policy Part 2: Limited Write

    • 4 Comments
    In Part 1 of this series, I described how Same Origin Policy prevents web content delivered from one origin from reading content from another origin. (If you haven’t read that post yet, please do start there.) In today’s post, we’ll...
  • IEInternals

    Pushing the Web Forward with HTTP/308

    • 1 Comments
    Recently, the IESG approved publication of a new Internet-Draft defining the HTTP/308 status code (Intended Status: Experimental). This status code is defined as the "Permanent" variant of the existing HTTP/307 status code. Recall that HTTP/307 was defined...
  • IEInternals

    Understanding Enhanced Protected Mode

    • 53 Comments
    Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and...
  • IEInternals

    Mind Your Parameters

    • 0 Comments
    A recent blog post reminded me that I should blog about a bad pattern we saw a few months back while trying to fix some application compatibility bugs with IE10. It turns out that a lot of applications that want to invoke a webpage call ShellExecute without...
  • IEInternals

    Internet Explorer 10 Consumer Preview Minor Changes List

    • 7 Comments
    Continuing on from last year’s IE9 Minor Changes list , this post describes minor changes you can find in Internet Explorer 10 in the Windows 8 Consumer Preview. There are many changes that I will not be covering, please do not mistake this for...
  • IEInternals

    Beware Silly Similes

    Recently, there was a blog post which described a browser security feature as " like a seat-belt that snaps when you crash ." This wasn’t a particularly noteworthy event because similes are pretty common in our field. Almost e veryone likes similes...
  • IEInternals

    The Hazards of Browser Quirks, continued

    • 1 Comments
    My First Law of Browser Quirks was introduced a while ago : If there’s a way for a site to take dependency on a browser quirk, and break if that quirk is removed, it will happen . The Second Law of Browser Quirks is: If there’s a way for a...
  • IEInternals

    Authenticode and Weak Certificate Chains

    • 6 Comments
    Recently, someone attempted to download a deprecated version of the Windows Script debugger . This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me...
  • IEInternals

    Swapping out JQuery with Fiddler

    • 1 Comments
    This morning, someone asked me to look into a site-compatibility problem on a HTML5 demo site. When loading the site into IE9 and IE10, the F12 Developer Tools’ Script Debugger showed the following error: Now, obviously, IE does support...
  • IEInternals

    HTTP Methods and Redirect Status Codes

    • 9 Comments
    This crossed my Twitter stream earlier today: I’m not sure why we need a public service announcement to notify folks that Internet Explorer is behaving properly, but I guess there’s no harm in that. However, based on the lack of...
  • IEInternals

    Sharpen the Saw

    • 6 Comments
    Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in...
  • IEInternals

    Internet Explorer 9.0.2 Update

    • 15 Comments
    Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of...
  • IEInternals

    Please don't make XHR run in synchronous mode

    • 6 Comments
    The Windows Error Reporting team reports that 8.4% of all hangs in IE9 in the past month are caused by XMLHttpRequest objects blocking the UI thread with a synchronous request. http://blogs.msdn.com/b/wer/archive/2011/08/03/why-you-should-use-xmlhttprequest...
  • IEInternals

    Default Integrity Level and Automation

    • 18 Comments
    Over on StackOverflow , danimajo asked for help in an interesting scenario. Basically, he’s trying to drive Internet Explorer through automation, but finds that when he navigates to an Intranet site, the hidden browser instance appears and he can...
  • IEInternals

    Best Practice: Get your HEAD in order

    • 19 Comments
    To ensure optimal performance and reliability when rendering pages, you should order the elements within the HEAD element carefully. First, I’ll explain the optimal order, and then explain the reasoning for this structure. Optimal Head Ordering...
  • IEInternals

    Understanding Protocols

    • 6 Comments
    For over a decade, Internet Explorer has enabled developers to extend the browser with new URL protocol schemes. These protocols can be one of two types: Asynchronous Pluggable Protocols - COM objects that implement the IInternetProtocolRoot interface...
  • IEInternals

    Integrated Windows Authentication

    • 3 Comments
    Inside Internet Explorer’s Tools > Internet Options > Advanced dialog, there’s an option named Enable Integrated Windows Authentication : This preference is stored using a REG_DWORD named EnableNegotiate inside HKCU\Software...
  • IEInternals

    The Perils of User-Agent Sniffing, 2011 Edition

    • 8 Comments
    I continue to be amazed at how often site-compatibility issues turn out to have a root cause related to User-Agent sniffing. For instance, earlier this year, someone wrote into the comments section on one of my posts noting that the HTML5 canvas art...
  • IEInternals

    Update now available for improved font-smoothing

    • 11 Comments
    Today’s batch of Windows Updates included a “Recommended” update to improve the rendering of certain fonts at small sizes (8-10pt). The updated versions of Arial, Verdana, and Tahoma fonts include new hinting logic that renders more...
  • IEInternals

    Understanding Once-Per-Session Cache Validation

    • 7 Comments
    Last year, I wrote about the IE9 improvements in heuristic expiration , which apply when a server fails to specify how long a cached resource should be treated as fresh. Heuristic Expiration works by calculating an implicit freshness lifetime from the...
  • IEInternals

    First IE9 Update Now Available

    • 8 Comments
    As announced over on the IEBlog , the first update for IE9 is now available. When this update is installed, the IE Help > About screen will indicate that the IE version is 9.0.1. Please note that this is a display only change and it is...
  • IEInternals

    Download Resumption in Internet Explorer

    • 18 Comments
    While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection...
  • IEInternals

    Consent and Browser Refreshes

    • 12 Comments
    Modern browser APIs like the GeoLocation API are designed to have an asynchronous consent experience, whereby the API simply will not undertake a privileged action until the user consents. Unfortunately, many browser features like popup windows and ActiveX...
  • IEInternals

    Enhanced Mitigation Experience Toolkit Update

    • 3 Comments
    Microsoft’s Security Research and Defense team has released an updated version of their Enhanced Mitigation Experience Toolkit (EMET), a tool that allows the application of enhanced security mitigations around the application of your choice. ...
Page 3 of 9 (210 items) 12345»