IEInternals

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that...

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that...

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that...

The security setting “Websites in less privileged web content zone can navigate into this zone”: ... is one that leads to more questions than almost any other. This setting, also known as Zone Elevation protection , was originally designed...

Emulating the “non-Desktop Experience” in the Desktop Experience The new full-screen “fast and fluid” experience of IE10 on Windows 8 offers many improvements over Internet Explorer 10 on the Desktop (ranging from UX to Security...

More and more file formats are based on the ZIP format . The Open Packaging Conventions use ZIP as a base format, and that means frameworks like .NET’s System.IO.Packaging also generate files that are valid ZIP files. The Office 2007+ formats are...

When I first joined Office, I worked on the team responsible for delivering Help, Templates, and ClipArt into the client applications. As we were testing our work in various simulated customer environments, we found a big problem. At least one big customer...

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that...

Back in March of 2011 , I mentioned that we had encountered some sites and servers that were not sending proper Content-Length headers for their HTTP responses. As a result, we disabled our attempt to verify Content-Length for IE9. Unfortunately, by...

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that...

Ordinarily, Internet Explorer loads local HTML files in the Local Machine Zone. Locally-loaded HTML files are subject to the Local Machine Lockdown feature which prevents pages from running active content like JavaScript or ActiveX controls, showing the...

Over on the Microsoft PKI blog , there’s some important information about upcoming changes for website operators who use HTTPS or deploy Authenticode-signed applications or ActiveX controls. Weak RSA Keys Blocked To briefly summarize the PKI...

Internet Explorer maps web content into one of five security zones. After the Local Machine Zone, the Local Intranet Zone is probably the most misunderstood of the Zones, and is a common source of confusion and compatibility glitches. Mapping into...

This post contains random IE-related tidbits for which there’s either not enough material or time to write a full post. I expect to revisit and expand this list from time to time. Case-Sensitivity in Cross-Frame Scripting of File URIs Same...

When I surf the web, I almost always have Fiddler running, and as a consequence I see a lot of “hidden” pollution in pages. Much of this cruft has built up over the years, copied from site to site, probably with little critical thought about...

First, a bit of background. When web developers are optimizing the performance of their sites, often they try to use their homepage to pre-cache resources that will be used on later pages. They might do so by kicking off "pre-fetch" resource downloads...

When the Internet Explorer team first introduced the Search Box next to the address bar in IE7, we also introduced an easy way for users to install search engines offered by websites that they visit. Users who want to add a site's search engine to the...

In Part 1 of this series, I described how Same Origin Policy prevents web content delivered from one origin from reading content from another origin. (If you haven’t read that post yet, please do start there.) In today’s post, we’ll...

Recently, the IESG approved publication of a new Internet-Draft defining the HTTP/308 status code (Intended Status: Experimental). This status code is defined as the "Permanent" variant of the existing HTTP/307 status code. Recall that HTTP/307 was defined...

Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and...

A recent blog post reminded me that I should blog about a bad pattern we saw a few months back while trying to fix some application compatibility bugs with IE10. It turns out that a lot of applications that want to invoke a webpage call ShellExecute without...

Continuing on from last year’s IE9 Minor Changes list , this post describes minor changes you can find in Internet Explorer 10 in the Windows 8 Consumer Preview. There are many changes that I will not be covering, please do not mistake this for...

Recently, there was a blog post which described a browser security feature as " like a seat-belt that snaps when you crash ." This wasn’t a particularly noteworthy event because similes are pretty common in our field. Almost e veryone likes similes...

My First Law of Browser Quirks was introduced a while ago : If there’s a way for a site to take dependency on a browser quirk, and break if that quirk is removed, it will happen . The Second Law of Browser Quirks is: If there’s a way for a...

Recently, someone attempted to download a deprecated version of the Windows Script debugger . This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me...