IEInternals

This blog is closed as of 2/2015. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14.

  • IEInternals

    HowTo: Organize Favorites using Windows Explorer

    • 0 Comments
    Here's a fun little tip from the "Things I didn't know about my own product " file: If you want to organize your favorites using a full Windows Explorer instance instead of the far more limited "Organize Favorites" dialog box, hold SHIFT while clicking...
  • IEInternals

    It was only a matter of time...

    • 1 Comments
    It looks like the days of "security by obscurity" protection for Mac users may be coming to a close. As described over on Brian Krebs' blog , socially-engineered malware authors are now going after Mac OS X users with targeted exploits that attack both...
  • IEInternals

    My browser is acting funny…

    • 25 Comments
    As browser users go, I’m pretty savvy. I’ve been on the IE team for nearly half a decade, and I’ve been writing browser extensions for twice as long. I read networking source code for entertainment, I spend my free time writing a web debugger , and I...
  • IEInternals

    Getting the Server's Certificate Chain from WinINET

    • 0 Comments
    Over the last few years, a number of folks have lamented that there's no good way to get the server's complete certificate chain from a WinINET HTTP response. That has changed with the release of the new WinINET shipping in Windows 7 / IE8. INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT...
  • IEInternals

    Internet Explorer Cookie Internals (FAQ)

    • 67 Comments
    Over the five years I’ve worked on Internet Explorer, I’ve probably seen more questions from the community about HTTP cookies than on any other topic. Cookies are an integral component of most websites in use today, and hence problems or unexpected...
  • IEInternals

    Bugs in IE8's Lookahead Downloader

    • 116 Comments
    All bugs mentioned in this post are now fixed . Internet Explorer has a number of features designed to render pages more quickly. One of these features is called the "Lookahead Downloader" and it's used to quickly scan the page as it comes in, looking...
  • IEInternals

    IE8's Native XMLHttpRequest Object Restrictions, Bugs, and Notes

    • 8 Comments
    Protocol Restriction Internet Explorer's native XMLHTTPRequest object permits requests to HTTP and HTTPS only; requests to FILE, FTP, or other URI schemes are blocked. Update : IE10 XHR supports CORS . Method Restriction The object permits only the...
  • IEInternals

    Unshackling IE8 Performance

    • 37 Comments
    In general, IE8 is a significantly faster browser than prior versions. We made a number of major investments throughout the browser’s code to help ensure that IE users will have a great real-world experience on the web. However, it is definitely the...
  • IEInternals

    Internet Explorer's Cache-Control Extensions

    • 5 Comments
    Some time ago, I wrote a summary of how Internet Explorer’s cache works . At the time, I left out mention of the two cache-control directives introduced by IE5: pre-check and post-check . These directives enable a “background update”...
  • IEInternals

    Protecting ActiveX Controls

    • 0 Comments
    When evaluating the security of Internet Explorer’s ActiveX support, there are two threats to consider: · Malicious controls · Malicious websites To mitigate the threat of malicious ActiveX controls (malware), features like the IE8 SmartScreen...
  • IEInternals

    Retiring IE6...

    • 6 Comments
    Often, folks ask us why we continue to support IE6. The short answer is that because we've committed to doing so . But more importantly, even if we dropped support, most people who want to use IE6 would still use it anyway, just without the benefit of...
  • IEInternals

    Notes on Proxy AutoConfiguration Scripts

    • 0 Comments
    I had someone ask me for help writing a Proxy AutoConfiguration script today. PAC files are basically simple JavaScript files that expose one function, FindProxyForURL(url, host) . The function returns a string containing a list of one or more proxies...
  • IEInternals

    Q&A: Rendering Mode for Web Browser Controls (WebOCs)

    • 1 Comments
    Q: Eric, you mentioned that the IE8 Web Browser Control, hosted in Forms / WPF, runs in IE7 emulation mode by default. Is there a way to turn the emulation mode off and have the control work in "real" IE8 mode? A: Yes. This is controlled by a feature...
  • IEInternals

    IE and the Accept Header

    • 18 Comments
    RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited...
  • IEInternals

    The Privacy Impact of Add-ons: New APIs for IE8

    • 6 Comments
    By default, when starting a new session using IE8's InPrivate Browsing feature, toolbars and Browser Helper Objects are disabled. This is done to help protect the user's privacy: many toolbars and extensions maintain their own navigation/search/etc history...
  • IEInternals

    Internet Explorer and Custom HTTP Headers

    • 0 Comments
    Someone recently asked me for a list of custom HTTP request and response headers introduced by the IE team over the years. Here's the list I've come up with so far (including a few that were introduced before I joined the team): Request Headers ...
  • IEInternals

    Cool deal: Windows 7 Pre-orders half price for a limited time

    • 0 Comments
    Not exactly IE related, although IE8 is included in Windows 7: Until July 11th, Windows 7 upgrade pre-orders are available for half-price . Home Premium is $50, and Professional is $100. -Eric
  • IEInternals

    Thoughts on Declaring Security Policies

    • 2 Comments
    My thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog. I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific to...
  • IEInternals

    User Account Control in Windows 7

    • 0 Comments
    It isn't directly related to Internet Explorer, but Mark Russinovich's Inside Windows7 User Account Control article over on TechNet provides an illuminating explanation of why UAC isn't a security boundary, but why it helps protect against malware anyway...
  • IEInternals

    Handling Mixed (HTTPS/HTTPS) Content

    • 128 Comments
    Update: IE9 includes improved handling of Mixed Content. Click to learn more... Background As we developed Internet Explorer 8, we spent quite a bit of time pondering what to do about IE7’s infamous “Mixed Content” warning prompt...
  • IEInternals

    WebOCs, popups, and the default browser

    • 1 Comments
    Applications which host the WebOC (Web Browser control) may choose to support popups and new windows by hooking the NewWindow3 event and returning in ppDisp a pointer to a new, hidden, non-navigated WebBrowser object or InternetExplorer object. If such...
  • IEInternals

    Windows 7 adds support for TLSv1.1 and TLSv1.2

    • 3 Comments
    Windows 7's updated crypto stack (schannel.dll, etc) offers support for TLSv1.1 and TLSv1.2. While disabled by default in IE8 (for compatibility reasons; some legacy sites will fail to connect when the updated TLS version is offered) the new protocol...
  • IEInternals

    IE8 Problem Reports: ASP.NET Menus show blank/white

    • 0 Comments
    Q: My ASP.NET site's menus show as blank/white when my page is rendered in IE8 standards mode. The menus only work if I turn on compatibility view. What's up with that? A: This is actually a standards-compliance bug in the ASP.NET framework. A fix...
  • IEInternals

    Enhanced Security with SEHOP

    • 2 Comments
    Windows Vista SP1 introduced an interesting new memory protection known as SEHOP, which works with other memory protection techniques (like DEP/NX , ASLR, etc) to help prevent exploitation of a specific type of memory-related vulnerability known as SEH...
  • IEInternals

    Good news: Security innovation spreading...

    • 0 Comments
    Version 4 of the Safari web browser now supports the HTTPOnly directive for cookies introduced by IE6 SP1. Now, all major browsers support the directive, which can help mitigate the impact of XSS exploits. Safari 4 also now supports the X-FRAME-OPTIONS...
Page 8 of 9 (210 items) «56789