IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

  • IEInternals

    Notes on Proxy AutoConfiguration Scripts

    • 0 Comments
    I had someone ask me for help writing a Proxy AutoConfiguration script today. PAC files are basically simple JavaScript files that expose one function, FindProxyForURL(url, host) . The function returns a string containing a list of one or more proxies...
  • IEInternals

    Q&A: Rendering Mode for Web Browser Controls (WebOCs)

    • 1 Comments
    Q: Eric, you mentioned that the IE8 Web Browser Control, hosted in Forms / WPF, runs in IE7 emulation mode by default. Is there a way to turn the emulation mode off and have the control work in "real" IE8 mode? A: Yes. This is controlled by a feature...
  • IEInternals

    IE and the Accept Header

    • 18 Comments
    RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited...
  • IEInternals

    The Privacy Impact of Add-ons: New APIs for IE8

    • 6 Comments
    By default, when starting a new session using IE8's InPrivate Browsing feature, toolbars and Browser Helper Objects are disabled. This is done to help protect the user's privacy: many toolbars and extensions maintain their own navigation/search/etc history...
  • IEInternals

    Internet Explorer and Custom HTTP Headers

    • 0 Comments
    Someone recently asked me for a list of custom HTTP request and response headers introduced by the IE team over the years. Here's the list I've come up with so far (including a few that were introduced before I joined the team): Request Headers ...
  • IEInternals

    Cool deal: Windows 7 Pre-orders half price for a limited time

    • 0 Comments
    Not exactly IE related, although IE8 is included in Windows 7: Until July 11th, Windows 7 upgrade pre-orders are available for half-price . Home Premium is $50, and Professional is $100. -Eric
  • IEInternals

    Thoughts on Declaring Security Policies

    • 2 Comments
    My thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog. I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific to...
  • IEInternals

    User Account Control in Windows 7

    • 0 Comments
    It isn't directly related to Internet Explorer, but Mark Russinovich's Inside Windows7 User Account Control article over on TechNet provides an illuminating explanation of why UAC isn't a security boundary, but why it helps protect against malware anyway...
  • IEInternals

    Handling Mixed (HTTPS/HTTPS) Content

    • 128 Comments
    Update: IE9 includes improved handling of Mixed Content. Click to learn more... Background As we developed Internet Explorer 8, we spent quite a bit of time pondering what to do about IE7’s infamous “Mixed Content” warning prompt...
  • IEInternals

    WebOCs, popups, and the default browser

    • 1 Comments
    Applications which host the WebOC (Web Browser control) may choose to support popups and new windows by hooking the NewWindow3 event and returning in ppDisp a pointer to a new, hidden, non-navigated WebBrowser object or InternetExplorer object. If such...
  • IEInternals

    Windows 7 adds support for TLSv1.1 and TLSv1.2

    • 3 Comments
    Windows 7's updated crypto stack (schannel.dll, etc) offers support for TLSv1.1 and TLSv1.2. While disabled by default in IE8 (for compatibility reasons; some legacy sites will fail to connect when the updated TLS version is offered) the new protocol...
  • IEInternals

    IE8 Problem Reports: ASP.NET Menus show blank/white

    • 0 Comments
    Q: My ASP.NET site's menus show as blank/white when my page is rendered in IE8 standards mode. The menus only work if I turn on compatibility view. What's up with that? A: This is actually a standards-compliance bug in the ASP.NET framework. A fix...
  • IEInternals

    Enhanced Security with SEHOP

    • 2 Comments
    Windows Vista SP1 introduced an interesting new memory protection known as SEHOP, which works with other memory protection techniques (like DEP/NX , ASLR, etc) to help prevent exploitation of a specific type of memory-related vulnerability known as SEH...
  • IEInternals

    Good news: Security innovation spreading...

    • 0 Comments
    Version 4 of the Safari web browser now supports the HTTPOnly directive for cookies introduced by IE6 SP1. Now, all major browsers support the directive, which can help mitigate the impact of XSS exploits. Safari 4 also now supports the X-FRAME-OPTIONS...
  • IEInternals

    Vary with Care

    • 14 Comments
    About the Vary Response Header As described in the HTTP/1.1 specification ( RFC2616 ), the Vary response header allows a cache to determine if a cached (still fresh) response may be returned for a subsequent request, based on whether or not the new...
  • IEInternals

    HTTP/HTTPS Port-Blocking in WinINET

    • 0 Comments
    Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use a...
  • IEInternals

    CSS History Probing, or: "I know where you went last week"

    • 5 Comments
    Background One of the interesting attacks which makes the rounds every few years concerns the ability of web pages to use CSS to detect whether or not certain URLs have been visited. Given a sufficiently large set of URLs to probe, a website may be able...
  • IEInternals

    Building Safer ActiveX controls: DOM Bridging

    • 0 Comments
    Over on the BlueHat blog, security researcher Manuel Caballero wrote up an interesting post on how Silverlight avoids exposing unsecured private browser APIs to abuse from RIA content. Anyone building ActiveX controls that take untrusted input should...
  • IEInternals

    Think of the children!

    • 0 Comments
    Another question from the audience today: Q: I like IE8's InPrivate Browsing feature , but I'm worried that it won't let me see what my kids are up to. Can I prevent them from using it? A: Yes. When you enable the Windows Parental Controls feature...
  • IEInternals

    IE Cumulative Update shipped today

    • 0 Comments
    The latest IE cumulative update shipped today ; download it from WindowsUpdate when you get a chance. Over on the Security Research and Defense blog , there's an in-depth discussion of the security bug discovered in IE8 at the Pwn2Own contest at CanSecWest...
  • IEInternals

    Slowing Down: Disabling the Accelerator icon

    • 7 Comments
    We've had a few folks write to the IEBlog asking " How can I disable the little blue accelerator icon that appears when text is selected in a HTML page? " For end users, the answer is straightforward: Click Tools > Internet Options > Advanced...
  • IEInternals

    IE8 and Vista SP2

    • 3 Comments
    We received an interesting question in yesterday's IE Expert Zone chat : now that Vista SP2 is available , will users who installed IE8 before installing SP2 be able to uninstall IE8 without first uninstalling Vista SP2? The question was prompted by...
  • IEInternals

    Q&A: 64-Bit Internet Explorer

    • 87 Comments
    From time to time, folks ask a variety of questions about 64bit IE. I hope to answer the most common questions here. NEW : Internet Explorer 10 uses x64 in a fundamentally different way than IE7, IE8, and IE9, the versions for which the post below...
  • IEInternals

    Hello World...

    • 0 Comments
    tap...tap...tap... is this thing on? Hi! My name is Eric Lawrence, and I'm a program manager on the Internet Explorer team. I joined the IE team in 2004, and I worked on IE7, IE8, and am currently working on the next release of IE. Some folks know...
Page 8 of 8 (199 items) «45678