IEBlog

W3C SVG Working Group Update for January 2010

In this post, I want to share some examples of the progress going on in the SVG Working Group. Microsoft recently joined the SVG Working Group, and other members (Mozilla, Apple and Opera among others) welcomed us warmly. I'm hopeful about the ways that SVG (both its current direction and future potential) could make the web better. We want the spec to be clear, consistent, and predictable for developers. We’re working out ambiguities such as “Pointer events and clip-paths”, “CSS Selectors <use> and as well as inconsistencies with stroked-dasharray” and “<use> and its interaction with the DOM and rendering” so that web developers can write SVG once and know that it will be interoperable across browsers.

I have to admit I was a little hesitant at first to get guidance and clarity on a dozen or so items we found to be ambiguous (see public SVG WG discussion threads), however the positive response has been overwhelming.   Of course we are not the only members raising these issues, but we are happy to be a part of the process.  The future of SVG is bright.

Additionally, Microsoft looks forward to hosting the next SVG Working Group face-to-face meeting in Brussels this May.

A special thanks to those on the Working Group for their warm welcome and shared goals of creating a specification that will promote standards based interoperable graphics for the web.

Patrick Dengler
Senior Program Manager
Internet Explorer Team

IE Cumulative Security Update Now Available

Today we released a Cumulative Security Update for Internet Explorer.  We’ve released this Cumulative Security Update earlier than originally scheduled based on malicious activities reported on the web. The update is available via Windows Update and Microsoft Update. Most users configure their machines to update automatically; you can find more information on that here.

This update actually includes 236 separate packages for all the different languages and versions of Windows and IE that customers run and Microsoft supports worldwide. We release these packages simultaneously for all supported products and languages as part of this update. The complete matrix of browsers, operating systems, and languages is available in the security bulletin. At a high level, these packages cover:

• Seven operating system versions: Windows 2000, Windows XP, Windows Server 2003, 2008, and 2008 R2, Windows Vista and Windows 7. Customers run 32-bit, 64-bit, as well as Itanium versions of some of these operating systems, as well as a variety of different service packs.
• Four different versions of IE: 5.01, 6, 7, and 8.
• All supported languages. Older versions of Windows require separate language-specific packages, typically between 18 and 25. Windows Vista and later operating systems have a single language-neutral binary to update IE.

We test each security fix thoroughly with different variants of the security issue. We also test the entire package extensively for compatibility and reliability, as well as any setup, deployment, and manageability issues. Also, security updates are cumulative and contain all previously released updates for each version of Internet Explorer, to make securing any system (one updated a month ago or never updated at all) easy.

This update addresses several vulnerabilities including the one described here. Other blog posts describe specifics. Some of these vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.  Note that IE8 users on Windows 7 have extensive defense in depth protections with DEP, ASLR, and protected mode that make remote code execution from a malicious site extremely difficult.  Microsoft therefore strongly recommends customers upgrade to IE8 to benefit from these extensive defense in depth protections.

For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS10-002
• Microsoft Knowledge Base Article 978207

We encourage everyone to set their operating system to automatically update with the latest security updates for all their software.  You can find more information here.

Dean Hachamovitch

IE General Manager

Add-on Guidelines in Action – Crawler Toolbar

A new version of the Crawler Toolbar has recently been released and comes with many improvements to the user experience similar to the changes we described in a previous post about the AVG Security Toolbar. It’s another great example of the Guidelines for add-on developers in action. Here are some high-level examples of the changes they’ve made:

• The close button is visible so that users can manage it like other toolbars. Additionally, the toolbar is positioned in a supported location which improves stability and performance.
• It no longer modifies the new tab page to maintain a predictable new tab experience for users.

Many thanks to the Crawler Toolbar team for the work they’ve done to provide a more predictable and reliable experience, keeping users in control of the browser.

-Paul Cutsinger and Herman Ng

Before: Previous version of Crawler Toolbar

After: Newest version (5.1.0.177) of the Crawler Toolbar provides a more predictable experience and lets users stay in control of their browser

Microsoft Joins W3C SVG Working Group

As a part of Microsoft’s continued commitment to interoperability and standards support, yesterday we submitted our request to join the Scalable Vector Graphics (SVG) Working Group of the World Wide Web Consortium (W3C). We’re excited to take part in ensuring future versions of the SVG spec will meet the needs of developers and end users.

As stated on its Web site, “the mission of the SVG Working Group is to continue the evolution of Scalable Vector Graphics as a format and a platform, and enhance the adoption and usability of SVG in combination with other technologies.” We recognize that vector graphics are an important component of the next generation Web platform. As evidenced by our ongoing involvement in W3C working groups, we are committed to participating in the standards process to help ensure a healthy future for the Web. Our involvement with the SVG working group builds on that commitment.

To date, I have had several interactions with the SVG working group, and their clear dedication to creating a great technology for end users and developers alike stands out.  I personally look forward to future and more direct involvement with this great set of folks.

Patrick Dengler
Senior Program Manager
Internet Explorer Team

Welcome 2010!

Happy Nw Year!

Accelerator Creation Guide

Introduction

There are a lot of really cool services out there, and I think a lot of them would fit in really well with Accelerators. But even though there’s a lot of value to be had in creating Accelerators, I don’t think we’ve ever had a blog post explaining a step-by-step process for how to do it. I’m hoping this post will help with that.

I’ve been working on the feature for a while, so I’ve come up with some tips and best practices that have helped me become more efficient in building Accelerators. There are also a few mistakes I’ve seen (and made!) over and over again, so I’ll talk about those in the hope of making the development process a bit easier for everyone else out there.

Building an Accelerator

Accelerators streamline the common copy-navigate-paste operation by enabling users to send selected content from the current webpage to one of their favorite services. Fortunately, even though the feature is quite powerful, it’s actually quite easy to write code that uses it. Here’s a step-by-step guide for creating a simple Accelerator.

First, I’ve put up an Accelerator template, with sample information pre-loaded. All you need to do is swap out the sample information for yours. Note that you don’t need to be the service provider to build an accelerator that interacts with a service. If you can find the following information, then you can build an accelerator for virtually any service you want.

Here are the steps:

1. First, choose a <homepageUrl> for your Accelerator. This is an important field—all the other URLs in the manifest need to match its domain. Generally speaking, the top-level domain for your service is a good choice.

   Example:  <homepageUrl>http://www.example.com</homepageUrl>

2. Fill in the absolute path to your favicon into the <icon> field. One trick for doing so: right-click on the service page, view the source, and then search for an .ico file.

   Example:  <icon>http://www.example.com/favicon.ico</icon>

3. Under the <display> node, choose a <name> that’s descriptive of your service, while under 50 characters. We recommend that the name include the Accelerator category followed by the name of the service provider.

   <display>
   <name>Act with Example.com</name>
   </display>

4. Choose a “category” attribute for the <activity> field. I have another post on categories, but here are the ones we recommend:
   • Blog - A blog service that creates a new blog post based on a link or user-selection
   • Bookmark - A service adds a link to the user's personal bookmarks on the web
   • Define - A service that provides definitions based on a selection
   • Email - A service that provides email communication that can create a new email message
   • Find - service that finds related content within the scope of the site
   • Map - A service that provides map locations based on user-selection
   • Send - A service that converts web data into application data
   • Share – A service that shares a link (with optional comments) with the site community or network
   • Translate - A service that translates the current webpage or user-selection from one language to another

   Choosing a descriptive category is important for how Accelerators are grouped in the accelerator menu, and enables users to understand what your Accelerator will do before even experimenting with it.

5. Choose which contexts you want your Accelerator operate on—“selection”, “link”, and/or “document”—and then add them as attributes to one or more <ActivityAction> elements. For example:

   <activityAction context="selection"> … </activityAction>

   The link and document contexts could probably use a little extra explanation. The link context is activated when a user right-clicks on a link and then executes an accelerator from the resulting context menu. Similarly, the document context is activated when the user right-clicks on the page itself and uses the context menu, or goes to the Page menu and executes something under the “All Accelerators” submenu.

6. Next, fill in the “action” attribute of the <execute> element with the URL of the service you want to use. See the section below regarding variables to find out how to pass data into your service.

   Example:  <execute action="http://example.com/default.aspx?sel={selection}&amp;src=IE8">

7. Preview windows are a great way of delivering the output of a service to users as part of a more inline browsing experience—it’s also a great way of enticing them to visit a service’s home page.

   You can add a preview window via the <preview> element. I’ve written a section about preview below.

   Example:  <preview action="http://example.com/default.aspx?sel={selection}&amp;src=IE8">

The sections that follow provide some more in-depth specifics about the steps above.

Variables

IE exposes a number of variables for use with Accelerators. Here’s a list of the most commonly used variables:

• {selection} - the user selection within the webpage. Only available in selection context.
• {documentUrl} - the URL of the webpage where the Accelerator is invoked.
• {documentTitle} - represents the title of the webpage where the Accelerator is invoked.
• {link} - the URL of the user selected URL.
• {linkText} - the text of the user selected URL.

A full list of variables is available here.

There are two methods of passing these variables to a service through an Accelerator. The first is through the query string:

<execute action=”http://www.example.com/script.aspx?foo=bar”>

The second is through one or more <parameter> tags:

<execute action=”http://www.example.com/script.aspx”>

<parameter name=”foo” value=”bar” />

</execute>

Note that using a <parameter> element is the only way to insert data into the body of the HTTP request. You can use POST with a parameterized query string, as well, but any parameters you pass will show up in the URL. You can specify a GET or POST request via the “method” attribute of the <activityAction> element.

Adding Preview

Preview is probably the most visible feature of Accelerators, and one of the most useful when implemented effectively.

Accelerator previews occupy a window of size 320x240 pixels. Given this, most Accelerators that use it create a special preview page for displaying it.

The key to an effective preview is returning the most relevant information possible based on the information sent by the user, then making sure it fits in the space provided by the preview window.

The Bing Maps Accelerator, for example, maps the location of a selected address using its own UI, scaled down to 320x240:

<preview method="get" action="http://www.bing.com/maps/geotager.aspx">
<parameter name="b" value="{selection}" />
<parameter name="clean" value="true" />
<parameter name="w" value="320" />
<parameter name="h" value="240" />
<parameter name="client" value="ie" />
<parameter name="format" value="full" />
</preview>

Note that you can pass variables to the preview window the same way you can for execution. For example, the Accelerator above uses {selection}.

Another handy rule of thumb is load time—if it takes your preview window takes more than half a second to load, you probably have too much in it, from a user experience perspective.

One trick that you might find useful involves using the mobile version of a service for a preview window. We deliberately sized the preview window to be compatible with mobile services.

Testing your Accelerator

Once you’re done building your Accelerator, it’s time to test it out. We have a Javascript API for installation. Some code like the following will create a link that brings up the Accelerator installation dialog:

<a href=”javascript:window.external.addService(‘myAccelerator.xml’)”>Install me</a>

In order for this to work, you’ll need a live web server—trying to open the link from a page on your local hard drive will result in an error. Any kind of local server will work fine, though—you can use Visual Studio’s ASP.NET server without issue, for example.

If everything goes well, you’ll see the normal Accelerator installation dialog. If it doesn’t, you’ll see something like this:

Whenever I see this dialog, there are a couple of mistakes that very frequently turn out to be the culprits.

Encoded Characters

The first has to do with XML itself. When dealing with query strings, it’s very common to pass in multiple arguments using the ampersand character. Unfortunately, this is a reserved character in XML, so using it as a literal in a query string will raise an error. Instead, you’ll need to escape it with “&amp;”, like this:

<execute action=”http://www.microsoft.com/testscript.aspx?foo=test&amp;bar=test”>

Matching Domain Requirement

The second has to do with the <homepageUrl> tag. To properly identify a service, we require that the URLs specified in <homepageUrl>, the action attribute of <execute>, and the action attribute of <preview> all share the same domain. If this isn’t the case, an error is raised.

Test Cases

Once you can install your Accelerator, there are a few scenarios you should definitely test, since they tend to break for a lot of the Accelerators already out there:

• Blank content – what happens when blank content is sent to your service? Do you have a graceful error message in place?
• Multi-line content – does your service handle line-breaks the way you think it will? You may want to make sure you parse for the carriage return-line feed sequence (“%0d%0a” in URL encoding) and replace it with something appropriate, like a space.
• Script – Some user selection may have JavaScript associated with it. If you specify HTML selection, then your service should be filtering this script on the server for security reasons.
• Large selections – Accelerators truncate GET requests at 2048 characters. If you’d like your accelerator to be able to handle more data, you might consider using POST.

Next Steps and Conclusion

Once you have a cool Accelerator built, feel free to upload it to the IE Gallery. It’s a great way to gain more exposure for your Accelerator and your service.

I hope this post was helpful in creating Accelerators. If you have any feedback on this post, any thoughts on Accelerators in general, or any cool creations you’d like to share, feel free to leave a comment.

Thanks!
Jon Seitel
Program Manager

Recap of Add-on-Con

We’ve just returned from Add-on-Con, an annual conference for browser add-on developers held at the Computer History Museum in Mountain View California. The add-on development community is an entrepreneurial bunch of people and it’s exciting to hear about what they’re working on. Herman Ng, Christopher Griffin, and I were there to present and chat with people. Matt Crowley was also in town so he was able to stop by for part of the day.

Herman spoke about best practices to improve reliability and performance. This topic really resonated with the audience. It’s clear developers want to deliver a great experience to customers by building cool features, having great reliability and performance, and getting exposure in the IE Add-on gallery. Based on the amount of interest we saw, Herman will be reworking his presentation into a series of blog posts starting early next year. So you don’t have to wait, I’ll give you two of Herman’s quick tips for add-on developers now.

1. Get crash reports for your add-on from Windows Quality Online Services (Winqual). This is a great resource for discovering and debugging crashes in your product.
2. Post your add-on to the IE Add-on gallery. Developers click “join” and then click on your username to upload add-ons.

My presentation covered how to build Webslices (msdn), Accelerators (msdn), and Search Providers (msdn). These extensions are a great way to connect your customers with your services without the risk of introducing performance or reliability problems. You can also build and deliver them with a little bit of XML and markup so you can connect users with your site or service in hours rather than weeks.

Thanks to everyone at OneRiot, GetGlue, and YooNo for organizing such a great event!

Paul Cutsinger
Principal Program Manager
Internet Explorer

IE December Security Update Now Available

The IE Cumulative Security Update for December 2009 is now available via Windows Update or Microsoft Update.

This security update resolves four privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer.  The security update addresses these vulnerabilities by correcting the control and by modifying the way that Internet Explorer handles objects in memory.  For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS09-072
• Microsoft Knowledge Base Article 976325

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7 (except when running on supported editions of Windows Server 2003 and Windows Server 2008), and Internet Explorer 8 (except when running on supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2). For Internet Explorer 7 and Internet Explorer 8 running on Windows servers as listed, this update is rated Moderate.

IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Billy Rios
Program Manager
Internet Explorer Security

IE8 SmartScreen in action

Last week at PDC, as we were about to start talking to people about IE9, I saw the following notification from my Facebook account:

From: Facebook [mailto:notification+mwm5axbx@facebookmail.com]
Sent: Tuesday, November 17, 2009 10:05 AM

Dina posted something on your Wall and wrote:

"funny vid of u, you see it? http://www.facebook.com/l/ca339;hTTP://www.N70.InFO/2d"

To see your Wall or to write on Dina's Wall, follow the link below:

<..>

Thanks,

The Facebook Team

The message was from someone I know pretty well, and I believed the message. The address itself (http://www.n70.info/2d) wasn’t that suspicious; there are a lot of URL shortening services, and the .info domain has many legitimate sites on it. So I clicked the it:

and thought – whew. 

IE8’s SmartScreen now blocks malware sites over two million times a day. IE8 offers a lot of protection from real-world attacks: phishing protection, a cross-site scripting filter, and Protected Mode (I may run as an administrator, but my browser doesn’t). With attacks on the rise, using (or upgrading to) a browser with this much protection is more important than ever. IE8 also offers great reliability because of process-isolation, and offers users the ability to manage add-ons that affect performance and stability. InPrivate Browsing and InPrivate Filtering are also quite handy.

I wrote back to my friend, and she was surprised. You can read Facebook’s guidance about what to do if this happens to you or a friend.

Dean Hachamovitch

An Early Look At IE9 for Developers

We’re just about a month after the Windows 7 launch, and wanted to show an early look at some of the work underway on Internet Explorer 9. 

At the PDC today, in addition to demonstrating some of the progress on performance and interoperable standards, we showed how IE and Windows will make the power of PC hardware available to web developers in the browser. Specifically, we demonstrated hardware-accelerated rendering of all graphics and text in web pages, something that other browsers don’t do today. Web site developers will see performance gains and other benefits without having to re-write their sites.

Performance Progress. Browser performance involves many different sub-systems within the browser. Different sites – and different activities within the same site – place different loads and demands on the browser.

For example, two news sites might look similar to a user but have very different performance characteristics. Because of how the developers authored the sites, one site might spend most of its time in the Javascript engine and DOM, while the other site might spend most of its time in layout and rendering. A site that’s more of an “application” than a page (like web-based email, or the Office Web Apps) can exercise browser subsystems in completely different ways depending on the user’s actions.

The chart below shows how much time different sites spends in different subsystems of IE. For example, it shows that one major news site spends most of its time in the script engine and marshalling, while another spends most of its time in script and rendering, and the Excel Web App spends very little of its time running script at all.

Note that this chart shows the percentages of total time spent in each subsystem, not relative time between sites. It focuses on just the primary browsing sub-systems and doesn’t include “frame” functionality (like anti-phishing), or third-party software that’s running in the IE process (like toolbars, or controls like Flash). It also factors out networking since that’s dependent on the users network speed. Notice also that a site’s profile can change significantly across scenarios; for example, the Excel Web App profile for loading a file is quite different from the profile for selecting part of the sheet.

The script engine is just one of these browser subsystems. There are many benchmarks for script performance. One common test of script performance is from Apple’s Webkit team, the SunSpider test. The chart below shows the relative performance of different browsers on the same machine running the SunSpider test.

In addition to IE7 and the current “final release” versions of major browsers, we’ve included the latest pre-release “under development” builds of the major browsers. We’re just about a month after IE8 was released as part of the Windows 7 launch, and the version of IE under development is no longer an outlier. 

It is worth noting that once the differences are this small, the other subsystems that contribute to performance become much more important, and perceiving the differences may be difficult on real-world sites. That said, we remain committed to improving script performance.

We’re looking at the performance characteristics of all the browser sub-systems as real-world sites use them. Our goal is to deliver better performance across the board for real-world sites, not just benchmarks.

Standards Progress. Our focus is providing rich capabilities – the ones that most developers want to use – in an interoperable way.  Developers want more capabilities in the browser to build great apps and experiences; they want them to work in an interoperable way so they don’t have to re-write and re-test their sites again and again. The standards process offers a good means to that end.

As engineers, when we want to assess progress, we develop a test suite that exercises the breadth and depth of functionality. With IE8, we delivered a highly-interoperable implementation of CSS 2.1 and contributed over 7,200 tests to the W3C. Standards that do not include validation tests are much more difficult to implement consistently, and more difficult for site developers to rely on.

Some standards tests – like Acid3 – have become widely used as shorthand for standards compliance, even with some shortcomings. Acid3 tests about 100 aspects of different technologies (many still in the “working draft” stage of standardization), including many edge cases and error conditions. Here’s the latest build of IE9 running Acid3: 

As we improve support in IE for technologies that site developers use, the score will continue to go up. A more meaningful (from the point of view of web developers) example of standards support involves rounded corners. Here’s IE9 drawing rounded corners, along with the underlying mark-up:

Another example of standards support that matters to web developers is CSS3 selectors. Here’s a test page that some people in the web development community put together at css3.info; it’s a good illustration of a more thorough test, and one that shows some of the progress we’ve made since releasing IE8:

Community testing efforts like this one can be helpful. Ultimately, we want to work with the community and W3C and other members of the working groups to define true validation test suites, like the one that we’re all working on together for CSS 2.1, for the standards that matter to developers. For example, this link tests one of the HTML5 storage APIs; some browsers (including IE8) support it today, while others don’t.

The work we do here, both in the product and on test suites, is a means to an end: a rich interoperable platform that developers can rely on. 

Bringing the power of PC hardware and Windows to web developers in the browser. The PC platform and ecosystem around Windows deliver amazing hardware innovation. The browser should be a place where the benefits of that hardware innovation shine through for web developers.

We’re changing IE to use the DirectX family of Windows APIs to enable many advances for web developers. The starting point is moving all graphics and text rendering from the CPU to the graphics card using Direct2D and DirectWrite. Graphics hardware acceleration means that rich, graphically intensive sites can render faster while using less CPU. (This interview includes screen captures of a few examples.) Now, web developers can take advantage of the hardware ecosystem’s advances in graphics while they continue to author sites with the same interoperable standards patterns they’re used to.

In addition to better performance, this technology shift also increases font quality and readability with sub-pixel positioning:

96 point Gabriola on a Lenovo X61 ThinkPad at 100% Zoom using GDI (note jaggies):

96 point Gabriola on a Lenovo X61 ThinkPad at 100% Zoom: Direct2D (without jaggies):

Last week, Channel 9 interviewed several of the engineers on the team. You can find videos of the interviews here:

Introduction, and Interoperable Standards

Early look at the Script Engine

Hardware accelerated graphics and text in the browser via Direct2D

While we’re still early in the product cycle, we wanted to be clear to developers about our approach and the progress so far. We’re applying the feedback from the IE8 product cycle, and we’re committed to delivering on another version of IE.

Thanks,
Dean Hachamovitch
General Manager, Internet Explorer

Update 11/23/09 - The IE9 demo from PDC is now available.  The IE content starts around minute 48.

My Favorite IE Add-on: Mouse Gestures by Ralph Hare

I spend a lot of time dealing with problems users encounter when using Internet Explorer. As a result, when I write about add-ons, I’m usually talking about misbehaving code that is wrecking the browser. However, it’s not all doom-and-gloom out there, and I’m delighted to share my favorite browser add-on with you.

I first came across Ralph Hare’s work when perusing the IE add-on sample code at CodeProject. Ralph and I both liked mouse gestures and wished that Internet Explorer offered them. For those of you who have never used mouse gestures, basically, they allow you to trigger commands like back, forward, refresh, etc, without using the keyboard or clicking on toolbar buttons or menus. While not everyone wants to use mouse gestures, some of us find them incredibly compelling. This sweet spot makes gestures the sort of feature ripe for implementation as an add-on.

Fortunately for all of us, Ralph is a great developer and he put together a fantastic gestures add-on for IE which has evolved and improved a lot over the last six years. I’ve installed his add-on on every computer I’ve used since discovering it, and I now find it annoying to use browsers that don’t support gestures. It’s an ironic turn of events for me, since I’ve been a keyboard snob for over a decade. :-)

What makes this add-on so great?

Respect for the User. The gestures add-on respects your existing browser settings, and does not attempt to change your default homepage, search provider, favorites, user-agent string, etc. There’s no junk (e.g. adware, unexpected toolbars, etc) bundled with it either.

Stability. I’ve tried out a lot of different add-ons over the years, but almost always end up uninstalling each after a few days because they’re unstable and result in occasional or frequent browser crashes. In contrast, Ralph has delivered a rock-solid implementation of gestures; the few bugs I’ve found have been fixed quickly and the updated versions are automatically offered using an automatic notification service.

Best Practices. Ralph’s code is compiled following best-practices for secure and stable add-ons, including linking with the /NXCOMPAT and /DYNAMICBASE flags to opt-in to DEP/NX and ASLR memory protections.

Performance. Many browser extensions are useful from time-to-time, but I’m not willing to suffer a performance penalty when not actively using an extension. For some types of extensions (menu extensions, toolbar buttons) this isn’t a problem, because the add-on code only loads when I actively use the add-on. However, an add-on like Mouse Gestures inherently needs to be available at all times, so high performance is an absolutely critical consideration.

Ralph’s Browser Helper Object (BHO) is written in native C++, and designed and coded for speed. After installing, check out the Load Time column inside the IE Tools > Manage Add-ons dialog:

As mentioned previously, the extension offers an auto-update mechanism, but Ralph ensures that this won't hurt startup performance. He does so by running the check in a background thread, and waiting for about a minute after tab startup to kick off the webservice call. Ralph also sets the NoExplorer registry key to prevent his BHO from loading inside Windows Explorer.

Even the default configuration is optimized for performance: by default, mouse trails aren’t shown, and if a user wants them, they can choose between basic trails:

which work fine with all video cards, and the slightly fancier advanced trails:

which work best with higher-end hardware.

Cross-Version Support. Mouse Gestures is compiled in both 32-bit and 64-bit flavors (installed individually) making the gestures add-on one of the very few available for 64-bit IE. The add-on works in all versions of IE and I’ve personally used it on Windows XP, Server 2003, Vista, Server 2008, and Windows 7 without problems.

Ease-of-Installation. The 32bit and 64bit installers together weigh in just under 1 megabyte. The add-on is packaged using the same NSIS installer that I use to install Fiddler.

If you decide you don’t like the add-on, you can easily uninstall it using the Add/Remove Programs control panel.

Customizability and Power. You can customize its options using the Mouse Gestures… item added to the browser Tools menu. The configuration dialog allows you to assign gestures to built-in actions, define new gestures or actions, and change the appearance of mouse trails.

The most common gesture I use is Down,Right which by default is bound to the Close Tab action. I’ve also bound the Down,Up and Up,Down gestures to the Toggle FullScreen Mode action; this is slightly simpler than hunting for the F11 key on my small but beloved Lenovo X200.

If you’d like, you can bind any gesture to open any of your browser Favorites in the current tab, or a new foreground or background tab.

One of the most powerful features of the add-on allows you to bind a JavaScript file to an action. I use this feature to bind a simple page cleanup script to the Left,Right gesture. When I’m reading an online newspaper or similar page with flashing images or other unwanted distractions, I simply hold the right mouse button and waggle the mouse—all of the images and flash objects are instantly removed, allowing me to read in peace.

Price. Mouse Gestures add-on is clearly a labor of love, and Ralph makes it available for free. If you’d like, you can help defray his web hosting costs using the unobtrusive “Donate via Paypal” link buried at the bottom of his site.

Conclusion

If you’re willing to get hooked on a new way of interacting with your browser, give Ralph’s Mouse Gestures add-on a try, and join me in thanking Ralph Hare for his great work!

Eric Lawrence

Participating at W3C’s TPAC 2009

This week the W3C holds its annual Technical Plenary and Advisory Committee meeting (TPAC 2009). There will be about a dozen people from the IE team participating and this is a valuable opportunity to continue working together with other W3C members on the next generation of web standards. High quality specifications that improve interoperability between browsers are important. Our goal is to help ensure these new standards work well for web developers and will work well in future versions of IE.

We will participate in a number of browser related working group meetings including accessibility, CSS and HTML sessions. For many groups, this is the only face to face time participants will get and so this is a perfect time to put faces to email addresses. Held in Santa Clara, California this year, the close proximity to many of the companies involved in the W3C means a large number of attendees is expected.

Over the last few months, some of us in the IE team have been working through the HTML5 working draft reviewing the specification text. It is interesting to exchange ideas and help the specification become clearer and I am looking forward to seeing many of the people involved again. There has been a long discussion about the submission we made to the HTML working group about distributed extensibility. Tony Ross, the author of our discussion document, will be participating in a panel on extensibility with Jonas Sicking from Mozilla on Wednesday.

Eliot Graff, a lead technical editor for IE, who is helping edit an updated draft of the Canvas API document that Doug Schepers started will also be at the HTML working group meeting this week.

Kris Krueger, one of our lead test managers, has volunteered to help the newly formed Testing Task Force within the HTML working group. Having a comprehensive test suite that thoroughly tests a specification is a key step to ensuring implementations interoperate successfully. Kris will be taking part in the HTML working group meeting on Thursday and Friday.

Paul Cotton, who was recently appointed as a co-chair of the HTML working group as Chris Wilson changed his focus to programmability in the web platform, will also be with us at the TPAC to help the overall work.

On Thursday, the W3C has organised a Developer Gathering for web and application developers who don’t normally participate in the W3C to join discussions about web standards. In my experience the participation of web developers is extremely important to check the overall ease of use of the specifications and APIs being proposed as standards.  One of our program managers, Sylvain Galineau, will be amongst the CSS Strike Force presenting CSS demos.

I don’t have room in this short blog post to mention everyone who will be involved this week but I’ve tried to give a flavour for the work that we will be participating in. Above all, it’s fun to hang out with people you mostly see only by email so there will be lots of hallway conversations and debates over lunch or dinner. I can’t wait.

Adrian Bateman
Program Manager

Now Available: IEAK8 can create custom Internet Explorer 8 packages in 19 additional languages

We are pleased to announce that the Internet Explorer Administration Kit (IEAK) 8 now supports creating custom Internet Explorer 8 packages in a total of 43 languages. IEAK8 can be downloaded from http://ieak.microsoft.com.

Custom Internet Explorer 8 packages can be created in the following platform and language combinations:

Windows XP SP2 or SP3 x86:

• Total languages:
  • Arabic, Bengali, Bulgarian, Chinese (Simplified), Chinese (Traditional), Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hebrew, Hindi, Hong Kong Chinese, Hungarian, Indonesian, Italian, Japanese, Kannada, Korean, Lithuanian, Latvian, Malayalam, Norwegian Bokmal, Polish, Portuguese (Brazil), Portuguese (Portugal), Punjabi, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Telugu, Thai, Turkish, Ukrainian
• New languages:
  • Bengali, Bulgarian, Croatian, Estonian, Hindi, Hong Kong Chinese, Indonesian, Kannada, Lithuanian, Latvian, Malayalam, Punjabi, Romanian, Serbian, Slovak, Slovenian, Telugu, Thai, Ukrainian

Windows XP SP2 x64 and Windows Server 2003 SP2 x64:

• Total languages:
  • Chinese (Simplified), Chinese (Traditional), German, English, Spanish, French, Italian, Japanese, Korean, Portuguese (Brazil), Russian

Windows Server 2003 SP2 x86:

• Total languages:
  • Chinese (Simplified), Chinese (Traditional), Czech, German, English, Spanish, French, Hungarian, Italian, Japanese, Korean, Dutch, Polish, Portuguese (Brazil), Portuguese (Portugal), Russian, Swedish, Turkish

Windows Vista x86, Windows Vista SP1 x86 , Windows Server 2008 x86, and Windows 7 x86:

• Total languages:
  • Arabic, Bengali, Bulgarian, Chinese (Simplified), Chinese (Traditional), Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hebrew, Hindi, Hong Kong Chinese, Hungarian, Indonesian, Italian, Japanese, Kannada, Korean, Latvian, Lithuanian, Malayalam, Norwegian Bokmal, Polish, Portuguese (Brazil), Portuguese (Portugal), Punjabi, Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Telugu, Turkish, Thai, Ukrainian
• New languages:
  • Bengali, Bulgarian, Croatian, Estonian, Hindi, Hong Kong Chinese, Indonesian, Kannada, Latvian, Lithuanian, Malayalam, Punjabi, Romanian, Serbian, Slovak, Slovenian, Telugu, Thai, Ukrainian

Windows Vista x64, Windows Vista SP1 x64, Windows Server 2008 x64, and Windows 7 x86:

• Total languages:
  • Arabic, Bulgarian, Chinese (Simplified), Chinese (Traditional), Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Japanese, Korean, Latvian, Lithuanian, Norwegian Bokmal, Polish, Portuguese (Brazil), Portuguese (Portugal), Romanian, Russian, Serbian, Slovak, Slovenian, Spanish, Swedish, Thai, Turkish, Ukrainian, Hong Kong Chinese
• New languages:
  • Bulgarian, Croatian, Estonian, Latvian, Lithuanian, Romanian, Serbian, Slovak, Slovenian, Thai, Ukrainian, Hong Kong Chinese

To create custom packages in these new languages, you’ll need to install the latest version of IEAK8.

Thanks,
Jatinder Mann
Internet Explorer Program Manager

IE October 2009 Security Update Now Available

The IE Cumulative Security Update for October 2009 is now available via Windows Update or Microsoft Update.

This update addresses three privately reported vulnerabilities and one publicly disclosed vulnerability. The security update addresses these vulnerabilities by modifying the way that Internet Explorer processes data stream headers, validates arguments, and handles objects in memory. For detailed information on the contents of this update, please see the following documentation:

• Microsoft Security Bulletin MS09-054
• Microsoft Knowledge Base Article 974455

This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8. 

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security

Add-on Guidelines in action – AVG Security Toolbar

The AVG Security Toolbar team has recently released a new version of their toolbar. It has a more predictable user experience and does a better job of allowing users to stay in control of their browser. It’s a great example of the Guidelines for add-on developers in action.

It’s encouraging to see the example set by the AVG Security Toolbar team. They’re building valuable add-ons for people and at the same time they’re respecting user choice. Here are some high level examples of the changes they’ve made in the new version of their toolbar:

• It no longer takes over the search provider. Instead it uses the proper IE8 set default provider API so that users can choose their default.
• The close button is visible so that users can manage it like other toolbars. Additionally, the toolbar is positioned in a supported location which improves stability and performance.
• It no longer modifies the new tab page to maintain a predictable new tab experience for users.

Kudos goes out to the AVG Security Toolbar team. On behalf of our shared customers, thanks. Following the Guidelines and using supported extensibility points in this way means that people have a consistent and reliable experience that allows them to stay in control of their browser. This is exactly what we’d like to see from all add-on developers.

Before: Previous version of AVG Security Toolbar

After: Newest version (2.507.24.1) of the AVG Security Toolbar provides a predictable experience and lets users stay in control of their browser

-Paul Cutsinger and Herman Ng