IEBlog

IE October Security Update Now Available

The IE Cumulative Security Update for October 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses six vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the error resulting in the exploitable condition. For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS08-058
• Microsoft Knowledge Base Article 956390

This security update is rated Critical for all supported versions of Internet Explorer 6 and earlier. The security update is rated Important on Internet Explorer 7 on Windows XP and Internet Explorer 7 in Windows Vista.  Beta versions of Internet Explorer are not vulnerable. 

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

October Chat with the IE Team on Thursday

Join members of the Internet Explorer team for an Expert Zone chat next Thursday, October 16^th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!

If you can’t join us online, all chat transcripts are published here.

We want to hear your feedback on IE8 Beta 2!

Kristen Kibble
Program Manager

P.S. Upcoming IE chat dates are posted here.

Updates for AJAX in IE8 Beta 2

Sunava Dutta here, a program manager focused on improving AJAX in the browser! Now that Internet Explorer 8 Beta 2 is out, I want to write about some of the latest rounds of enhancements we’ve made. As many of you may recall, back in March we discussed a set of developer experiences in AJAX across scenarios such as client-side cross-domain data access, local storage, and navigation state management among many others. The good news is our team has been working since Beta 1 to tweak and update our implementations based on feedback from developers (thanks for your contributions!) and ongoing updates to the W3C standards drafts on which most of these implementations are based or have been submitted for consideration. Not content with doing just that, we also added a few new features for developers. More on that later…

The AJAX updates we’ve chosen for Beta 2 focus on maintaining cross-browser compatibility and the feature sets that developers have thought would be the most useful. Without further ado, here they are.

XDomainRequest (XDR)

This is an object built from the ground up to make client-side cross-domain calls secure and easy. To reduce the chances of inadvertent cross domain access, this object requires an explicit acknowledgement for allowing cross domain calls from the client script and the server. Additionally, it reduces the need for sites having to resort to the dangerous practice of merge scripting from third parties directly into the mashup page. This practice is dangerous because it provides third parties full access to the DOM. All this comes with the added benefit of improved client-side performance and lower server maintenance costs thanks to the absence of a need for server farms for proxying.

During the Beta 1 timeframe there were many security based concerns raised for cross domain access of third party data using cross site XMLHttpRequest and the Access Control framework. Since Beta 1, we had the chance to work with other browsers and attendees at a W3C face-to-face meeting to improve the server-side experience and security of the W3C’s Access Control framework. As a result, we’ve updated XDR to be explicitly compliant with syntax and directives in the sections of Access Control for requesting simple public third-party data anonymously on the client! (Section 5.1.3 in the Access Control Process Model)

The updates to XDR from Beta 1 allow IE8 to request data from the domain's server by sending an Origin header with the serialized value of the origin of the requestor. IE8 Beta 2 will only return the response if the server responds with Access-Control-Allow-Origin: *, instead of allowing the XDomainRequestAllowed: 1 header as we did in Beta 1. Other changes include support for relative paths in the open method, and restricting access to only HTTP and HTTPS destinations.

Cross-document Messaging (XDM)

Cross-document messaging is another powerful cross-domain feature that I’ve blogged about in the past. Rather than make a backend request to a remote Web service, this allows sites hosting third-party IFrame-based "gadgets" or components to communicate directly with the parent, without unsafely violating the same site origin policy. This has advantages including improved performance and reliability, as developers don’t have to resort to workarounds that behave differently between browsers and have unwanted side-effects. This technique also removes the need for embedding third-party script in your page, lessening the chance of potential information disclosure vulnerabilities like the disclosure of your sensitive data (such as information in your social network profile) to third parties without your consent.

Beta 2 updates here include moving the onmessage handler from the document object to the window object to better align with the updated HTML 5.0 draft.

window.attachEvent("onmessage", HandleMessage);

We also replaced e.URI with e.origin, which is serialized form of “scheme” + “host” + “non-default port”. This is far safer as the URI can carry potentially sensitive information from the origin site that is not needed by the recipient for the decision to grant or not grant access.

if (e.origin == 'http://www.contoso.com') 
        { 
               // process message text     
        }

Finally, the HTML 5.0 draft also mandates that the targetOrigin parameter for the postMessage method now be made a required parameter, as opposed to an optional one. This will make it difficult for developers to make errors by requiring an explicit acknowledgement of the target destination of the message by specifying the origin <URL> or wildcard <*>.

 frameOther.postMessage("This is a message", "http://example.com");

DOM Storage

Today, web pages use the document.cookie property to store data on the local machine. Cookies are limited in capability by the fact that sites can only store 50 key/value pairs per domain. Furthermore, the cookie programming model is cumbersome and requires parsing the entire cookie string for data. While cookies are useful for marking transitions and changes on the client to the server as they are sent with the request headers in chunks of up to 4KB, IE8 brings better alternatives for scenarios involving persisting data on the client and distinctly maintaining sessions in different tabs. The W3C’s HTML 5 DOM Storage objects provide a much simpler global and session storage model for key/value pair string data. Sites can store data for the life of a tab or until the site or user clears the data.

Updates for Beta 2 include changing the name of the persistent globalStorage attribute to localStorage and the removal of the need to specify the domain when writing to the localStorage

// Store a key-value pair.
localStorage.setItem("FirstName","Sunava");

Finally, we also included improved support of the updated onstorage HTML 5.0 event returned when the storage is changed. We now return the URI when the local storage is changed, so that handlers for pages can know who carried out the latest transaction in the storage space in addition to providing the source to the window of the origin. Furthering the good news, the HTML 5.0 Working Group has incorporated the clear method, which we shipped in Beta 1, into the draft. This essentially allows for script to clear all items accessible in its storage space without having to iterate though the keys.

Connectivity Event

The navigator.onLine property and online/offline events now work on Windows XP as well as Windows Vista. The work to enable this was not trivial, as connection awareness in Windows XP is not quite as advanced as Windows Vista. That said, this will be extremely beneficial for developers, who we believe shouldn’t have to worry about OS differences. The value of connectivity events is particularly appealing when used in conjunction with the localstorage, where data can be cached in case of network loss!

XMLHttpRequest

Introducing the XDomainRequest object in IE8 hasn’t diverted our attentions from constantly tweaking and improving XMLHttpRequest, which will continue to be our flagship object for same-domain communications. Post-Beta 1 energies here have focused on a few bug fixes around reliability and working with the Web Apps Working Group to clarify and improve the draft specification, our compliance with it, and W3C public test cases. A timeout method introduced here in Beta 1 for the convenience of developers is currently being evaluated for adoption in the XMLHttpRequest spec.

// Sets timeout after open to two seconds.
xhr.timeout             = 2000;

ToStaticHTML, to JSON, and fromJSON

What do you do with the strings returned from third parties using XDomainRequest or Cross-document Messaging? In today’s world of increasing script injection and Cross-site Scripting (XSS) attacks, having the option of passing these through a safe parser comes as a welcome relief. As detailed in Eric Lawrence's post on Comprehensive Protection for IE8 Security, toStaticHTML provides a powerful way of sanitizing your strings by purging potentially executable content.

//Calling:
window.toStaticHTML("This is some <b>HTML</b> with embedded script following... <script>alert('bang!');</script>!");

//will return:
This is some <b>HTML</b> with embedded script following... !

In addition, IE8 Beta 2’s JSON.stringify and JSON.parse methods provide improved performance as opposed to non-native Javascript serializers and deserializers. Our implementation is based on the ECMAScript 3.1 proposal for native JSON-handling which uses Douglas Crockford’s json2.js API. In addition to the performance benefits of going native, the JSON parser provides a safe alternative to the eval() method, which has been a common and dangerous way to revive JSON objects, and could allow arbitrary script functions to execute.

Other Features

AJAX Navigations has undergone minimal changes since Beta 1. We’ve got some new code samples and overview documentation on this for Beta 2 on MSDN. Improved connection parallelism per host has also undergone a few tweaks and will command its own post soon.

Summary

We’ve worked in standards to make the AJAX experience for developers better. Beta 2 implements the changes mentioned above. Moving forward, we will continue to partner with members in the W3C on a variety of topics including advancing draft specifications. Strong developer adoption of these features is a priority and we’re focusing on help sites transition to integrating these features. For code samples for the AJAX feature set, please refer to our IE8 AJAX Beta 2 Hands on Labs. In case you’ve wondered who the ‘we’ in the AJAX core development team is, below is a photo (unedited, red eyes included) that puts a few faces to the names that pop up occasionally on blogs and mailing lists! Enjoy!

Sunava Dutta
Program Manager

From top left: Sharath Udupa (Developer), Gideon Cohn (Test), Zhenbin Xu (AJAX Senior Developer, Alex Kuang (Test) and Karen Anderson (Test)
From bottom left: Sunava Dutta (Program Manager) and Ahmed Kamel (Developer)Missing from this photo are Françoise Louw (Test), Adrian Bateman (Program Manager) and Gaurav Seth (Developer)

edit: Modified this sentence to reflect "stringify" and "parse": In addition, IE8 Beta 2’s JSON.stringify and JSON.parse methods provide improved performance as opposed to non-native Javascript serializers and deserializers.

IE8 Group Policy

Hi. In previous posts I talked about the IE8 IEAK and new event logging for IE8 in the Application Compatibility Toolkit. Today, I’m going to discuss the improvements we made to Group Policy support for Internet Explorer 8.

Background

For those of you who might be new to Group Policy, here is a quick background. Let’s first assume you use an Active Directory environment to administer the computers in your corporate network. If that is the case, Group Policy provides a wide set of policy settings to manage IE8 after you have deployed it to your users' computers. These settings are locked down and cannot be changed by users, as they are always written to a secure tree in the registry.

The IE Group Policy node in GPEdit.msc (GPEdit.msc is one of the tools used to configure Group Policies):

Group Policy allows you to create IE (and other software) configurations as a part of Group Policy objects (GPOs). The GPOs are linked to hierarchical Active Directory containers such as sites, domains, or organizational units. A client-side extension ensures that your policies are applied and refreshed regularly.

Tools

You might be wondering how to configure Group Policy? All the tools to configure create, manage, view, and troubleshoot GPOs are provided in your Windows operating system. Please check the Windows Server Group Policy site to find a list of the tools that are built into your OS.

The IE8 Deployment Guide, a very important resource itself, is now updated to include content for IE8 Beta 2. For instance, as there are more than a thousand IE GPs, configuring these policies for the first time may seem like a daunting task for a new IT Professional. For this very reason, the Group Policy section of the Deployment Guide has been updated to include recommended Group Policy settings for security, performance and compatibility with IE6 and IE7.

Group Policy support in IE8

In IE8, we have added more than 100 new Group Policies, bringing the total Group Policies supported in IE8 to 1300! Virtually all new IE8 features have Group Policy support, whether it is Compatibility View, Accelerators, or InPrivate Browsing Mode. These policies allow administrators to fully control IE8 features: hide the feature completely, preset the default, lock the user to only use the defaults, etc. For example, an administrator could turn off InPrivate Browsing by enabling the Turn off InPrivate Group Policy.

We understand that organizations have different needs. We provided extra granularity in the form of additional policies, so that features can easily be configured to best suit your needs. For instance, Compatibility View has five Group Policies:

• Turn off Compatibility View
• Turn off Compatibility View button
• Turn on Internet Explorer 7 Standards Mode
• Turn on Internet Explorer Standards Mode for Local Intranet
• Use Policy List of Internet Explorer 7 sites

As an example, if you are confident all your internal line of business applications and web sites work best with IE8, you can enable Turn on Internet Explorer Standards Mode for Local Intranet Group Policy. This will overwrite the intranet standards mode to be IE8. As usual, each policy comes with descriptive explain text that allows you to fully understand what the policy has been designed to do.

The Explain Text for Turn on Internet Explorer Standards Mode for Local Intranet Group Policy:

IE8 plays an important role in helping protect users against a range of attacks by offering new security features like the SmartScreen Filter, Data URI and Encryption support.  All of these security features are GP enabled so the administrator can ensure their users are safe and secure in corporate environments.

Based on the feedback we received from customers, we have Group Policy enabled some of the legacy settings like secondary home pages, something that wasn’t available in IE7. We’ve also given extensive Group Policy support for the Favorites Bar and Command Bar; an administrator now has firm control over how the IE UI will look.

We have refined our Group Policy support in this release and look forward to your feedback once you’ve had a chance to try it out.

Thanks,

Jatinder Mann
Program Manager

IE8 Tab Grouping

Hi, my name is Helen Drislane, I am a program manager on the IE team responsible for some of the user interface including tabs and I‘m going to discuss the new Tab Grouping feature (tab color!) with you. We had a lot of fun putting this feature together, so I am going to explain a little bit about the process involved in designing it and then describe the things you can do with it.

EVOLUTION OF THE DESIGN AND ALGORITHM

After shipping Internet Explorer 7, the IE team collected data from user reviews, from IE Feedback on MS Connect, and from other Microsoft product teams. We formed a list of top user requests which included the new Reopen Closed Tab feature, the new tab Crash Recovery feature, work to ensure that a bad tab would not hang the other tabs, the new Duplicate Tab feature, and many others. That list also includes the following two observation: Today, a tab that is opened from another tab is always put at the end of the tab row. Since it is related to the first tab, it is odd that one has to go searching all the way at the end of the tabs to find it.

Based on this feedback, we decided to rework the tab close algorithm so that tab selection is not always placed to the right when a tab is closed, but it is placed on a tab related to the recently closed tab, to get the following behavior:

In addition to listening to different IE Feedback channels, we worked with user researchers here at Microsoft to hold Usability Studies in which users came in, browsed the web, and explained why and how they were accomplishing their browsing tasks.

During these usability studies, we found a few interesting trends:

• Users queue up a set of tabs. In other words, users will search for something and open up a handful of the search results to read later. This trend also happens with online news sites; users queue up a set of articles they’d like to read later.
• Users use one window to handle multiple tasks (i.e. I have 4 tabs open on work-related sites, 3 tabs for news articles I want to read later, and 3 tabs for restaurants I’d like to take my mother to when she visits)
• After switching from another application, users frequently spend a lot of time looking for a specific tab

In the trends described above, the related tabs (whether they are search results or news articles opened from the same website) would ideally not only be placed adjacent to one another but would also have some visual indication of being grouped together so that different tasks could be more easily identifiable. This is when colors came in to play.

The idea behind tab grouping is that tabs originating from the same source are grouped together. The image below shows MSNBC with two articles from it opened in green, and a Windows Live search on Seattle restaurants with two search results from it opened in blue:

Now with visual indicators on my tabs, I can quickly identify the groups of tabs that are related to different tasks. So if I am switching back to Internet Explorer after using another application, I will quickly identify the blue-colored tabs as information related to the hunt for a good restaurant.

Another important aspect of designing this feature was deciding upon the visual indicators for groups. A common question we get is “How do color blind users use tab grouping?”  We made sure to include these users in our design. The difference between the colors below is great enough that many color blind users can differentiate between the different groups:

In addition, for users who have a screen reader running, we include names of the tab groups (i.e. Tab Group 1, Tab Group 2) on each of the tabs after the title. The picture below shows the two tab groups and the tooltip on the fourth tab containing the tab group information:

Now that you know a little bit about the design of tab groups, I will explain how tab groups are created and what you can do with them.

HOW IS A TAB GROUP CREATED?

If, for example, you're viewing a newspaper website, and would like to queue up some articles to read, there are a few ways in which you can open these articles (links to articles) in new tabs and keep them grouped:

• Right-click on a link and select the “Open in New Tab” option
• Ctrl-click on a link
• Middle-click on a link (The middle-click can be done by either by pressing the mouse scroll-wheel, or if your mouse does not have a middle button/scroll-wheel, simply right and left-click at the same time)

In addition, if you right-click on a specific tab and select the “Open a New Tab” option, a new tab will open up and will be grouped with the aforementioned source tab.

If you do any of the above in IE8, the original tab and all tabs opened up from it will be grouped.

WHAT CAN I DO WITH TAB GROUPS?

If you accidentally close a tab within a group, using the new “Reopen Closed Tab” option in the menu will not only restore that recently closed tab, but will also restore that tab into the right group.

Also, when you have completed a task, tab grouping now makes it easier to close everything related to that task by allowing a one click “Close this Tab Group” option in the tab context menu.

If you would rather have a tab not be associated with the other tabs in the group, you can easily “Ungroup This Tab”.

All of these options are available in the context menu that appears if you right-click on a tab:

In addition to the right-click context menu options, users can drag and drop tabs. Although the main appeal of this feature is that it works seamlessly in the background (there is no work on the user’s side to get this enhanced tab functionality), there are a couple of us who like to over-organize. For the over-organizers out there, dragging tabs into an existing group will make them part of that group. In addition, you can ungroup a tab by dragging it between two un-grouped tabs.

FREQUENTLY ASKED QUESTIONS

Why does the tab stay in the group if I navigate to another page on that tab?

If you are using a specific tab to navigate, the algorithm assumes that your new destination is somehow related to the group. If you don’t want the new navigation to be part of the group, you can either ungroup the tab, or open a new tab to navigate.

Why does duplicating a tab not group the two identical tabs together?

The new duplicate tab feature (found in the right click context menu for tabs) allows you to take the same tab down a completely different path. So although the tabs are identical, the idea is that the user wants to take them in two different directions.

Why are my home pages not grouped together?

Similar to the response above for duplicating a tab, the home pages usually consist of your mail client, your online newspaper, etc. They are not usually related (except that you’d like them all to open when you start the browser).

How can I turn Tab Grouping off?

From the “Tools” button in the Command Bar select “Internet Options”. Select the “Settings” button under Tabs. Uncheck the “Enable Tab Groups” setting.

I hope the content above not only provides a bit of background into the evolution of this feature but also is informative in explaining what you can do with tab grouping.

Thank you for trying out the Beta and I look forward to hearing your feedback!

Helen Drislane
Program Manager

edit: removed reference to the new tab algorithm and removed two images.

Statistical Validation of the IE8 XSS Filter

Greetings, I’m Russ McRee of Microsoft’s Online Services Security & Compliance Incident Management team. My team serves as incident handlers for the various types of attacks our online services face. High on the list of incidents we handle are cross-site scripting attacks. 

There’s an unfortunate misconception surrounding cross-site scripting (XSS) attacks that result in them being perceived as less impactful than other types of attacks, and often more theoretical than practical. I believe this mindset increases inherent risk for Internet users. I wanted to share some statistics that show why I think the addition of the XSS Filter to Internet Explorer is so significant.

The Web Application Security Consortium (WASC) recently released its findings from the Web Application Security Statistics Project 2007. The data in this report adds to the statistics I cited in The Anatomy of an XSS Attack, for the June 2008 ISSA Journal.

Some highlights from the WASC study:

• Of the most prevalent vulnerabilities, including SQL injections, information leakage, predictable resource location, and cross-site scripting, XSS was the most prevalent at 41%.
  
  
• Of 10,297 sites analyzed for the WASC study, 28,796 XSS vulnerabilities were discovered, accounting for 31% of all sites surveyed.

Additional statistics:

• According to the Internet Security Threat Report from Symantec, during the last six months of 2007, 11,253 site-specific, cross-site scripting vulnerabilities were documented, compared to 6,961 between February and June in the first half of the year, for a 62% increase in six months.
  
  
• According to a WhiteHat Security Statistics Report, 90% of all websites have at least one vulnerability, and 70% of all vulnerabilities are XSS.

While statistics can always be used to prove a point, more important are the actions taken to alleviate a problem. Since XSS vulnerabilities are of epidemic proportions, the XSS Filter in IE8 (intended to protect consumers from this massive attack vector) is a great thing.

David Ross, Security Software Engineer on the SWI team has driven the effort that discovers likely XSS in a cross-site request, and identifies & neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing.

Simply put, IE 8’s XSS Filter seeks to provide defense in depth via automatic detection and prevention of common XSS attacks, a pervasive security threat facing Internet users, without deterring performance or compatibility.

Referring back the statistics above, this translates into 70% of possible threats faced by IE 8 users deterred by the XSS Filter.  I’m really excited about the work that the Internet Explorer and SWI teams have been doing  here to provide new levels of protection for users.

Russ McRee

Application Compatibility Logging in IE8

The latest Application Compatibility Toolkit (ACT) release, ACT 5.0.5428.1080 is publicly available and can be downloaded here.

To give you some background, ACT helps customers understand their application compatibility situation by helping identify which applications are compatible with Vista, IE7, and IE8 and which require further testing. ACT allows compatibility data to be uploaded from individual machines to a central location for analysis, grouping and reporting. Once an issue has been identified, help will be available on how to resolve a particular issue or create a workaround. Furthermore, partners and customers using ACT are able to post comments to the Online Application Community, where they can share data and information about application compatibility testing.

The IE components of ACT are:

• Internet Explorer Compatibility Test Tool (IECTT). The IECTT helps identify your Web-based issues, shows your results in real time, and allows you to upload and view the data in the Application Compatibility Manager (ACM), a part of the ACT toolkit. As you test your application or site, the IECTT records events in real time when compatibility issues occur. For instance, if one of your sites injects JavaScript to another site and the IE8 Cross-site scripting (XSS) filter detects this as a reflection attack, a Cross-Site Scripting Filter event would be logged in the IECTT UI.
  
  
• Internet Explorer Compatibility Evaluators (IECE). The IECE can be deployed within an enterprise and will help identify Web-based issues in the background. As you test your application or site, the IECE records events in the background as they occur. You will be able to view the logged events in the ACM after you upload them.

Overall, these tools help customers lower their costs for application compatibility testing, prioritize their applications, and deploy Internet Explorer more quickly.

The work flow for identifying application compatibility issues before rolling out a new version of IE8 is shown below:

1. Install the latest version of ACT and IE8.
2. Either deploy the IECE to a body of testers or use the IECTT and enable logging.
3. Begin a regression test pass of all line of business applications and sites.
4. Once a compatibility event has been encountered, diagnose the problem and create a suitable workaround or fix.

New Application Compatibility Events added in IE8

We added logging for twelve new Application Compatibility Events in IE8, as shown in the table below. Including the IE7 events, we now currently log 31 compatibility events. The Internet Explorer Compatibility article contains more information on these events.

Internet Explorer Application Compatibility article

In the past, we noticed that the ACT tool helped identify the compatibility issues that occur in a line of business application or website, however, the tool itself did not provide any guidance for remediation. In IE8, we are providing a resource that gives exactly that information. The article is linked directly in the IECTT logged message or is directly available here. The article covers the following topics for all IE7 and IE8 compatibility events:

• Logged Message – This is a copy of the event description that you’ll see in the Internet Explorer Compatibility Test Tool.
• What is it? – This is an elaboration of the logged message explaining what the event is. Additional references are provided when available.
• When is this event logged? – This is a short description of what has to happen in your Web page for this event to be logged in the Internet Explorer Compatibility Test Tool.
• Example – Most events include examples that demonstrate how to make the corresponding event create a log entry in the Internet Explorer Compatibility Test Tool. These examples help make the description of the event more concrete.
• Remediation – Guidance on what you can do to eliminate the incompatibility from your Web site.

We will be adding additional examples and remediation to this article before the final IE8 release.

As you can see, we refined our Application Compatibility logging in IE8 and have provided a useful resource in the IE Application Compatibility article. We look forward to you trying it out and giving us feedback in the IE newsgroups.

Jatinder Mann
Program Manager

The IE8 IEAK

Hi, my name is Jatinder Mann and I work on the Internet Explorer Administration Kit (IEAK) and Group Policy. Back in June, James Pratt and Jane Maliouta alluded to IEAK improvements for IE8. Today, I will be talking about the work we have done in this area.

Internet Explorer Administration Kit 8 Beta

IEAK8 Beta is now available publically for everyone to try. To give you some background, the IEAK allows you to deploy customized packages and manage IE settings post deployment within corporations and among Internet Content Providers (ICP) and Internet Service Providers (ISP). For instance, Acme Corp could use IEAK to create a custom IE package for their employees that has Acme favorites, search providers, home pages, Web Slices, Accelerators, and more.

We simplified creating, deploying and managing branded IE packages. We optimized the IEAK to help you build your customized IE packages more quickly and to allow you to configure and customize new features in Internet Explorer 8, like Accelerators and Web Slices.

In this post, I will be talking about how the IEAK:

• Helps customize new features in IE8
• Provides full language and platform support
• Builds IE8 packages more quickly and is more intuitive.

Customize New Features in IE8

The following new features can be now customized via the IEAK8:

Accelerators

You can easily include custom defaults for Accelerators: simply point to an XML file for the desired Accelerator, or import existing Accelerators from a local machine.

Web Slices

In the Favorites, Favorites Bar and Feeds dialog you can now add custom Web Slices by simply clicking on the Web Slice radio button and specifying the Web Slice information.

Compatibility View

Internet Explorer 8 Beta 2 introduces Compatibility View which is a significant enhancement over the “Emulate IE7” functionality from IE8 Beta 1. You can customize this feature in the Compatibility view dialog.

Search Enhancements

 IE8 supports search providers which offer rich text and image suggestions; through IEAK 8 you can add search providers with suggestions and configure default search providers.

Additional IE8 Features

Many other IE8 features, like InPrivate Browsing, Developer Tools and Delete Browsing History, can be customized in the Additional Settings page available in the corporate license mode. For example, in a corporate environment you might want to encourage users to delete saved passwords; you can chose to have the Delete Passwords checkbox in Delete Browsing History checked by default. Similarly, you may want to turn off InPrivate Browsing mode by default.

Build Your IE8 Package More Quickly

Internet Explorer 8 Customization Wizard has fewer pages than the Internet Explorer 7 Customization Wizard: you’ll be able to build your customized package faster now.

Furthermore, we have redesigned some screens to simplify the overall flow of the wizard. Custom Components is a good example of this. Compared to the original screen, this dialog box now displays a list of custom components and allows easy addition and removal of items through a pop-up window.

The IEAK7 Custom Components Screen:

The simplified IEAK8 Custom Components Screen:

Full Language and Platform support

The IEAK8 Beta can build IE8 packages for all platforms and 24 languages supported by IE8 Beta 2. Please refer to the blog posted titled IE8 Beta 2 Available in 25 Languages for a complete list of supported platforms and languages.

How does the IEAK apply branding?

Customers have often asked me how the IEAK applies branding to IE. Branding in this case can be defined as any customization of IE, including all the customizations mentioned above. The IEAK generated IE package contains both the IE8 setup files (unless you are using the configuration only package, in which case IE8 would already be installed on your computer and you wouldn’t need the setup files) and customizations. The IE8 setup is used to install IE8. Upon restart, customizations are applied per user to the registry and branding files.

The customizations are stored in the install.ins file found under the Custom or Signup folders in the Internet Explorer directory. The install.ins file contains all types of branding including IEAK and unattend branding. IEAK branding consists of ISP, ICP and corporate branding, while unattend branding consists of the manufacturer defaults.

Branding is also applied when the user chooses to Reset Internet Explorer settings (RIES). This can be done by selecting Reset under the Advanced tab in the internet options dialog. RIES will apply the branding found in the install.ins file. If a user were to remove the install.ins file and reset IE, the branding step would get skipped. In IE8, RIES comes with a Remove Branding option; however, this option only removes ISP, ICP and Corporate branding; unattend branding will not be removed.

We refined the IEAK in this release and look forward to your feedback once you’ve had a chance to try it out.

Jatinder Mann
Program Manager

P.S. James discusses what's new in IE8 for IT Pros in his screencast here

edit: modified first paragraph under "Build your IE8 Package More Quickly"; added P.S.; trimmed down the Compatiblity View section; updated the first IEAK link

Hello, World: Getting Started with IE8 Visual Search

Hello,

My name is Sébastien Zimmermann. I’m the developer owner for the Visual Search Feature, which Sharon already described in detail. I also own the Accelerators Button Feature, and during IE7 worked on Setup and Phishing Filter—now “SmartScreen® Filter”.

In this post, I would like to get you started on creating your own Visual Search service/provider for Internet Explorer 8. If you own or develop websites of any kind—even if it’s a small website or an intranet site—this post is for you.

Making your website available for search from within the browser enables your customers/users to access your website whenever they need a service from it, without having them type your full web address. Additionally, you (and your brand) are always there with them, right in their browser. The more useful the service, the more likely users are to install it to have an ongoing connection with your website.

To keep things simple, I will take the “Hello, World!” approach: give you the basics so you can quickly get your service running. To keep things simple, this service won’t even be dynamic at first. Once the foundations are there, it will be easy for you to tailor the sample to your own needs, no matter what language your pages are written in.

For the sake of simplicity, I assume in this post that your website is at http://www.example.com—please replace all references of this domain with your own website domain.

Defining Your Service

Before users can install your service, you’ll first need to define it in a way the browser can understand, i.e. through the OpenSearch Description XML file.

Copy the following code and paste it into a file that you’ll put at the root of your website. We’ll name it opensearch.xml, so it will be accessible by anyone at http://www.example.com/opensearch.xml:

<?xml version="1.0" encoding="UTF-8"?>
<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
    <ShortName>example Search</ShortName>
    <Url type="text/html" template="http://www.example.com/results.aspx?q={searchTerms}" />
    <Url type="application/x-suggestions+xml" template="http://www.example.com/suggestions.xml"/>
    <Image height="16" width="16" type="image/icon">http://www.example.com/favicon.ico</Image>
</OpenSearchDescription>


There are three important pieces we define in this file:

• A Results Page URL whose MIME type is text/html, where the user will land after a search—here, results.aspx. The “{searchTerms}” part will automatically be replaced by IE with the user’s search terms. In this sample, I assume your website has an integrated search engine. If it doesn’t, and unless it’s an intranet website, you may replace that URL with the following one instead, which will search your domain using live.com:
  http://search.live.com/results.aspx?q=site:www.example.com+{searchTerms}
  
  
• A Suggestions Service to assist users while typing their search queries—here, suggestions.xml. If you do not want to have a suggestions service, you may omit this line—IE will handle it just fine. Also, if you already have a suggestion service available that uses JSON instead of XML, you may use its URL instead—just replace the application/x-suggestions+xml MIME type with application/x-suggestions+json.
  
  
• An Icon—here we made a reference to a favicon.ico file in the root of your website. This is the icon that will be used as a button in the QuickPick—the row of search provider buttons at the bottom of the search dropdown, pictured above. If you don’t have an icon for now, IE will choose a non-descript default for you, just remove the whole line. But it’s better if you have one—this allows users to recognize your website and/or brand.

Note: for your OpenSearch file to work properly in IE7, it is important that the URL of type text/html appears first in your file, before the one of type application/x-suggestions+xml or application/x-suggestions+json.

Making Your Service Discoverable

Next, you’ll need to tell the browser where to find your service description—i.e. the opensearch.xml file you just created. This is easy; just add the following line somewhere in the <head /> section of any web page where you want to make your service available:

<link rel="search" type="application/opensearchdescription+xml" href="http://blogs.msdn.com/opensearch.xml" title="example Search" />

That’s it. Try loading the page: you’ll notice that the down-arrow next to the search box has lit (). Click the arrow and you’ll now be able to add your very own service in IE!

In addition, you may want to programmatically enable the user to add your provider to IE. Just add a hyperlink or button on your page that calls the AddSearchProvider() method, referencing the description file:

<a href="javascript:window.external.AddSearchProvider('/opensearch.xml')">Click here to add my search engine to IE8!</a>

Note: to check if the user has already installed your provider, you’ll want to use the IsSearchProviderInstalled() method.

Finally, when your service is installed, you’ll automatically be featured on the Accelerators button () without any additional work. Select some text, click on the button, then on “More Accelerators.” Choose your service and it will be called with the text you just selected. Note that you may add support for Accelerator Previews directly from the OpenSearch file. This is beyond the scope of this post, but more information is available here.

Implementing Visual Search Suggestions

Now that your service is described, let’s implement suggestions.xml. Here, I’m going to use a sample that goes over most features to give you the basics.

Ok, so let’s copy the following and paste it into suggestions.xml, at the root of your website:

<?xml version="1.0"?>
<SearchSuggestion>
    <Query>test</Query> <!-- Note: This sample will only work when you type "test" in the search box! -->
    <Section>
        <Item>
            <Text>Hello, World!</Text>
            <Url>http://www.webstandards.org/files/acid2/test.html#top</Url>
            <Description>Your Visual Search service is working!</Description>
            <Image width="100" height="100" alt="Acid2 Smiley" align="top"
                   source="http://ieblog.members.winisp.net/images/acid2smiley.png" />
        </Item>
        <Separator title="This is a separator" />
        <Item>
            <Text>This is a simple text suggestion</Text>
        </Item>
        <Item>
            <Text>And another one with description</Text>
            <Description>This is the description</Description>
        </Item>
        <Item>
            <Text>This is a text suggestion with an image</Text>
            <Image width="16" height="16" alt="Acid2 Smiley" align="middle"
                   source="http://ieblog.members.winisp.net/images/acid2smiley.png" />
        </Item>
        <Item>
            <Text>This is a suggestion with a link and an image</Text>
            <Url>http://www.live.com/results.aspx?q=Hello+World</Url>
            <Image width="16" height="16" alt="Acid2 Smiley" align="middle"
                   source="http://ieblog.members.winisp.net/images/acid2smiley.png" />
        </Item>
    </Section>
</SearchSuggestion>


And voilà! If you type “test” in your search box after selecting your service, you’ll see the cool suggestions featured at the beginning of this post. Note that anything else but “test” won’t work, because IE checks if the <Query /> tag matches what’s in the search box.

If you are using ASP.NET, try this for something a little more dynamic (pictured on the left): rename suggestions.xml to suggestions.aspx, change the URL of type application/x-suggestions+xml in the OpenSearch Description file to http://www.example.com/suggestions.aspx?q={searchTerms}, and re-install your service in the browser (remove it first through Tools->Manage Add-Ons). Then, replace the first couple lines of suggestions.aspx with the following and try searching with your service again:

<%@ Page ContentType="text/xml" Language="C#" %>
<%@ OutputCache Location="None" %><?xml version="1.0"?>
<SearchSuggestion>
    <Query><%=HttpUtility.HtmlEncode(Request["q"])%></Query>
    <Section title="example Search">
        <Item>
            <Text>You typed: <%=HttpUtility.HtmlEncode(Request["q"])%></Text>
        </Item>
        <Separator />

        <!-- The rest of the file comes here -->
        <Item>
            <Text>Hello, World!</Text>
            <Url>http://www.webstandards.org/files/acid2/test.html#top</Url>
            <Description>Your Visual Search service is working!</Description>
            <Image width="100" height="100" alt="Acid2 Smiley" align="top"
                   source="http://ieblog.members.winisp.net/images/acid2smiley.png" />
        </Item>
        ...

Conclusion

The first step being the hardest, I hope this post succeeded in making it easier for you to get started. I look forward to see how you will creatively use the features in IE8 Visual Search to help your users quickly get to things they want on your site. If you need to dig deeper after reading this post, our writers created an excellent “Search Provider Extensibility” article on MSDN.

Now, it is up to you to develop amazing services using this feature. Inspire yourself from the services already available on the IE8 Gallery, and explore the possibilities.

The QuickPick menu makes “vertical” searches—such as Wikipedia, Amazon, and most likely your website—more visible and accessible, and enables users to quickly target their search on your service. So whether your website is about stock quotes and financial news, or sells music, auto parts, or cake… you can provide a way for your customers to have a deep, useful, ongoing relationship with your website.

I sincerely hope you will have as much fun developing for this feature as we’ve all had designing it. We are interested in learning about the services you create. Let us know about them, and do upload your OpenSearch Description File to the IE8 Gallery once finished for everyone to use.

Happy coding!

Sébastien Zimmermann
Software Design Engineer

edit: updated first image

Internet Explorer 8 Beta 2 Now Available in 25 Languages

In August 2008, Dean announced the release of IE8 Beta 2 in English, Japanese, Chinese (Simplified), and German. Today the IE team  is pleased to announce the availability of Internet Explorer Beta 2 in 21 additional  languages. The languages released today are fully localized versions of the IE8 English Beta 2.

The Complete List of IE8 Beta 2 Languages

Note: Please visit the Internet Explorer 8 homepage on Microsoft.com to download IE8 Beta 2 in your language of choice. Alternatively, you can download all languages from the Microsoft Download Center.

Supported Platforms

This release is supported only on x86 versions of the following platforms with the exception of Hebrew which is also supported on 64-Bit versions of Windows Vista and Windows Server 2008. 

• Windows Vista
• Windows Vista SP1
• Windows XP SP2
• Windows XP SP3
• Windows Server 2008

When installing localized versions of Internet Explorer 8 Beta 2 on XP or Windows Server 2003 please remember that the base language of the operating system must match the IE8 language you are trying to install; otherwise the Setup Wizard will display an error. For Windows Vista and Windows Server 2008, the base language of Windows does not need to match the Internet Explorer 8 language version in order for a successful install. When your user active language matches the Internet Explorer 8 language you installed, then IE8 will appear in the desired language. You will still be able to use IE8 in all other scenarios, but it will appear in English as a fall back version.

For further details on install guidelines, please see the How to Install localized versions of Internet Explorer 8 Beta 2 section in the IE8 Beta 2 release notes and the Upgrading to Internet Explorer Beta 2 blog post.

For IE8 Beta 2 support, please consult the list of IE8 Frequently asked questions or visit the IE Beta Newsgroup. The Report a Webpage Problem add-on is available for download and allows you to report a website issue. Additionally, you can sign up through MS Connect to vote on IE8 Beta bugs or request to be added to the IE Technical Beta Program by following instructions found at the bottom of the IE8 Beta Feedback blog post.

With the release of these additional languages, the IE8 IEAK can now build an additional 20 language packages. Download the IEAK and learn more about how to customize IE8 here.

We're excited to enable more users to download IE8 Beta 2 and use it in their native languages! You're feedback is always welcome, so please leave us a comment on this post.

Vishwac Sena Kannan
International Program Manager

Edit: Added the link to the Internet Explorer 8 homepage and removed individual language links

What’s New for IE8 Search

Hello World! I’m Sharon Cohen, Program Manager for Search in Internet Explorer 8. 

If you’re already using IE8 Beta 2, you’ve probably already seen the new search features available in IE8, perhaps you’ve even tried them out. Today I’d like to show you these features in greater detail and fill you in on some of the things we were thinking about when we created them.

Our goal for IE8 is to make searching for what you need faster and easier. We want you to search for the right term on the right provider and get the right information as quickly as possible. Here’s how we make that happen in IE8:

• Search Suggestions present you with suggested queries as you type which help you compose and research your query.
• Visual Search Suggestions are suggestions which include an image and additional text. These can help you visualize what you are searching for and sometimes even get you the information you need without even leaving the search box.
• The QuickPick menu enables you to easily switch to your secondary, non-default, Search providers allowing you to search with the right provider every time.
• History results, directly accessible from the search box, show you pages you’ve already visited and save you a click or two. 
• Automatic Search Accelerators allow you to send selected text on a webpage to any of your search providers skipping the cumbersome copy and paste step.    
• Search query synchronization keeps the search box up to date with your most recent query term even if you search within a webpage instead of the search box. You can quickly edit or redirect your searches.

Search and Visual Search Suggestions

Search Suggestions allow your installed search providers to suggest different queries to you while you are typing. This is great when you aren’t sure of how to spell someone’s name or you can’t quite remember if the movie was called “The Birdcage” or “The Bird’s Nest”. You might already be familiar with textual search suggestions as they are already in use on some popular websites and in some toolbars. (IE8 supports JSON suggestions which some of these use.) 

In IE8, we expanded the notion of a suggestion. In addition to providing text suggestions, search providers can now deliver visual suggestions, suggestions which include an image. The picture below shows text suggestions from Live Search and visual suggestions from Amazon.

Check out how Amazon customized the title of their suggestions section allowing them to indicate how many product matches are available for a given search term. You’ll also notice below how search providers can add additional separators to their suggestions. Both eBay and The New York Times have included separators which distinguish query suggestions from product or article results. 

Above, you can see that some of the suggestions include some additional gray italic text. This text is simply a description, and provides some additional information about the suggestion or result. These allow you to make an informed decision about which selection might be most useful to you. 

To try out these, and other search providers, head over to the new IE Gallery site. 

If you own a website and are interested in supporting search suggestions, you can read more about how it works and how to implement suggestions on MSDN. Also, stay tuned to the IE blog for more info on this topic.

QuickPick Menu

Searching on the right provider, at the right time, is a key factor in helping you find the right information. Searching on Live Search for “The Office” returns good results for sites about the show or NBC, but if what you are really interested in is DVDs of The Office then you probably want to be searching on Amazon or eBay. With the QuickPick, searching on your secondary providers is just two clicks away. 

As soon as you click in the Search box, the QuickPick menu will appear. This menu shows the icons of your installed search providers. When you hover over them, you will see a tooltip with the provider’s name. 

Click on the search provider you want to switch to and you’ll be off and searching on that new provider. Find on Page is also accessible from the QuickPick menu when you click on the “Find…” button. The QuickPick will drop below search suggestions after you start typing so you can access it at all times.

The QuickPick always remains a single line regardless of how many search providers you have installed, and in the default search box size, will hold up to eight providers on the QuickPick menu. To allow more providers on the menu, simply increase the size of the search box by hovering your mouse between the search box and address bar; you will see a horizontal arrow appear at which point you can click to drag the search box to your preferred size. 

Additionally, the order of your search providers can be changed, so you can choose to place your most frequently used providers upfront for quick access. To change the search providers order from Manage Add-ons; click the search box dropdown arrow and select Manage Search Providers.

History Results

The last section that you’ll notice in the search box dropdown contains results from your local History. Imagine you’ve already visited a site, you just can’t remember exactly what it was. This is where history results can be helpful, they show you where you’ve already been. The results are searched on by the URL and the title of the page. They are the same results you’ll see when you type in the address bar. Christopher and Seth posted some details earlier this week about how the address bar uses Windows Search to give you great results.

Search Accelerators

By now, hopefully you’ve read about and tried out Accelerators (“Activities” in Beta 1). We hope you’ve noticed that all your search providers are now available as Accelerators. Your default search provider will always be your default search Accelerator and your secondary providers will always be available in the Accelerator overflow menu. 

If you own a website, you may be thinking “well that’s great… but I want my search provider to support Accelerator Previews. Does that mean that I need to build both an Accelerator and a search provider?” Actually, no, you don’t need both of these! If you want to build a search provider which supports an Accelerator preview, you can do that by adding the Accelerator preview URL to your OpenSearch description file. Details can be found here.

Search Query Synchronization

One last cool feature you may not have noticed yet is search query synchronization. As you search on your installed search providers, IE will track queries done from within the websites of those providers. For example, if Live Search is one of your installed search providers, try this:

1. Navigate to www.live.com
2. Search for something from within the webpage
3. Check out your search box

The term that you searched for is now populated in the search box. (Note that this may not work on all search providers due to redirections or changes in the URL that IE isn’t able to recognize and correlate to one of your installed providers.)

With this nifty little feature, if you ever need to switch search providers, your latest search query term is already waiting for you up in the search box. 

Hope you are out there enjoying all these great search features. Happy Searching!

Sharon Cohen
Program Manager

edit: Updated link in first paragraph under Accelerators

The IE8 Smart Address Bar Part II: A Few More Features

In an earlier post, we introduced the new IE8 Smart Address Bar dropdown functionality. Now we thought we’d spend some time discussing some of its less obvious features in more detail.

More about the IE8 Smart Address Bar Autocomplete Suggestion

With Windows Search installed, IE8 makes an attempt to determine what site you’re trying to get to. The site that it determines is most likely the one you’re looking for is called the “Autcomplete Suggestion.” This entry is given the SHIFT+ENTER shortcut, so it’s very easy to go to your most recommended site. But how do we determine what’s most relevant?

We use a variety of factors to determine what site you’re trying to get to. IE8 takes into consideration what you’re typing in the Address Bar and weighs the results based on how well what you’ve typed matches against a variety of fields. For example: an exact match against the domain is ‘worth more’ than a match against a fragment down in the querystring part of the URL. We’re not going to give the exact rules for our algorithm (to avoid people gaming the system), but basically, some parts of the URL are more important than others. All matches are returned as part of the potential set of results, but “how good” a match helps determine the order.

Once IE has narrowed down the set of hits based on what you’ve typed, it uses a bit more data to determine what you’re looking for, including how often you go to a particular site, and whether or not you’ve selected it from the list before. All of these are part of the relevancy model.

But what’s most important to any user? Their History, a Favorite, or a Feed? Since your History tends to be a super-set of all your other data (every Favorite you visit, or Feed you read also ends up in History), IE8 gives precedence to the top History item. If no matches are available in your History, the Autocomplete Suggestion will return your top Favorite. If no Favorite matches, it will return your top Feed.

This feature was designed as the replacement for Inline Autocomplete, which was removed in IE8 Beta 1. Inline Autocomplete had no smarts: it just completed what you were typing with the first complete match from your history, sorted alphabetically.In IE8 Autocomplete Suggestion is essentially the same thing (only now you use SHIFT+ENTER instead of just ENTER), and because of relevancy, we’ve found that it’s the address users are looking for over 2/3 of the time.

Search from the IE8 Smart Address Bar

For those of you who may or may not have noticed, whether you type in the Address Bar or Search Box, the dropdown underneath is the same control. Although it looks a little different depending on where it is, it’s all the same code running. One difference in how the dropdown acts is that, for example, under the Address Bar, it shows the keyboard tips section at the bottom, but under the Search Box, it shows the QuickPick menu.

But did you know that you can flip the dropdown into Search Box mode, even when typing from the Address Bar? Just type a question mark followed by any word, string, or phrase, and it will act just like you opened the Search Box, with one exception: the keyboard shortcut section is visible and the QuickPick menu is not. Otherwise it’s the same – you get search suggestions (if available) from your default search provider and IE8 only shows you matches from your typed addresses and History. If you don’t rely on the QuickPick menu, it’s a great way to quickly do a search. Here’s a screenshot of Visual Search results coming back from an Amazon search for ‘xbox 360:’

If you typed multiple words in IE7, it would assume you’re searching for something, so it would pass what you typed along to your auto-search provider. To do that in IE8, just type ‘Find,’ ‘Search,’ or ‘Go’ as the first word, type the word or words you’re looking for, and then hit ENTER. Side note: this works in IE7 too. “Find” and “Go” don’t flip the Address Bar dropdown into search mode, it just tells IE to treat your string as a search when you hit ENTER.

Files and Folders mode

There’s also a Files and Folders mode in IE8. Just type any local or network path, and we’ll enumerate your local (or networked) files and folders. This is a handy way to quickly find and launch a local resource, but remember: IE will probably hand launching the file, directory or executable off to the Windows shell to handle, since IE may not know what to do with, say, a random DLL on your machine. If it’s a file format that IE understands (JPG, text file, etc.), then it’ll likely open in the frame. Note that in Files and Folders mode, IE8 does not do any hit highlighting and there are no keyboard shortcuts:

Navigating with the keyboard

We made sure that the Autcomplete dropdown in IE8 was as accessible to keyboard users as to those of us who use the mouse. It’s very easy to use the keyboard in the dropdown:

• Use the UP and DOWN ARROW keys to move between items; the arrow keys will skip over section headers.
• Use the TAB key to move between section headers; the TAB key will skip over items. If you want to expand or collapse any section with the mouse, just TAB to it, then hit the SPACE or ENTER key.

Both the ARROW and TAB keys ‘wrap’ at the top and bottom of the dropdown, so if you keep hitting TAB (or its reverse, SHIFT+TAB), you’ll keep cycling through the group headers. To advance focus to the control immediately after the Address Bar, just hit ESC to close the dropdown, then TAB will advance normally.

For users with a screen reader, it should not only announce the name of the group you’ve selected, but also how many items are available. As you select individual items, it will not only announce the item’s Title and URL, but the position of the item in that group as well.

The keyboard tip section at the bottom of the dropdown will show you various key combinations for quick navigation with IE8. The arrow beneath the keyboard tip sections is counted as its header row for expanding or collapsing it. Here’s the tip section in its expanded state:

We’ve typed ‘microsoft’ in the IE8 Smart Address Bar for this example. IE has supported the CTRL+ENTER keystroke for some time, but it never advertised this keystroke to users before. Now you can easily see what happens, and tune the behavior of IE, just by choosing the right combination of keystrokes. The middle option in the screenshot (the “microsoft.net” option for CTRL+SHIFT+ENTER) only appears if you’ve selected a custom suffix, which can be done via the “Languages” button on the General Tab of IE’s options screen. If that option is left blank, then this line will not appear.

The keyboard tip section always defaults to its collapsed state (it won’t ‘stick’ open). We do this because most users don’t need to see all the keyboard tips all the time. Since they don’t change, once you learn them you don’t need to be constantly reminded about them, and the advanced users who user keyboard shortcuts more tend to want the UI to take up as small amount of real estate as possible.

Open the dropdown without typing anything

The Autocomplete dropdown can be opened even if you don’t type anything – just click the down arrow to the right of the address bar:

With Windows Search installed, this will show you your ‘top’ sites from each group – the places, sites, and Feeds you read, select, and visit most often. Without Windows Search installed, this will show you your ‘most recently used’ list of History and Favorites.

Thanks,

Christopher Vaughan & Seth McLaughlin
Program Managers

Introducing the IE8 Developer Tools JScript Profiler

Hello! I am Sameer Chabungbam, one of the Program Managers on the JScript Team.

The recently released