Developing Safer ActiveX Controls Using the Sitelock Template

MSDN Blog Postings » Developing Safer ActiveX Controls Using the Sitelock Template

Tue, 18 Sep 2007 20:48:56 GMT

PingBack from http://msdnrss.thecoderblogs.com/2007/09/18/developing-safer-activex-controls-using-the-sitelock-template/

re: Developing Safer ActiveX Controls Using the Sitelock Template

anphanax — Tue, 18 Sep 2007 20:55:00 GMT

Will there be an updated example of this (http://support.microsoft.com/kb/182598) that uses IObjectSafetySiteLockImpl?

re: Developing Safer ActiveX Controls Using the Sitelock Template

midio — Tue, 18 Sep 2007 21:10:43 GMT

don't care about a stupid template to be honest.

support CSS2.0/CSS2.1 and CSS3.0 beta correctly

and

support the javascript DOM correctly

i don't need a stupid activeX template thingy.

re: Developing Safer ActiveX Controls Using the Sitelock Template

Jerry Mead — Tue, 18 Sep 2007 22:19:19 GMT

Interesting. The security & licensing of the 'advanced' functionality available from our controls Zeepe & ScriptX has been domain- and Security Zone-bound since its introduction in 1998.

http://www.meadroid.com/sm_intro.asp

Of course, you guys knew that (because we've been talking to you under mutual NDA for all of those nine years), so - before we test for ourselves - presumably someone can advise us off-blog of any likely conflicts?

Thanks.

re: Developing Safer ActiveX Controls Using the Sitelock Template

bruce — Tue, 18 Sep 2007 22:31:56 GMT

Call to Action: post something to do with CSS/DOM/JavaScript for IE8, or even for IE7.

e.g.

In IE7, garbage collection on closures is improved to handle (scenario a,b, & c)

with notes to explain how they are broken in IE6, but can be worked around with example code.

re: Developing Safer ActiveX Controls Using the Sitelock Template

rc — Tue, 18 Sep 2007 22:54:44 GMT

@DMassy

"Work on IE8 continues as they have repeatedly said, but they are not going to discuss it before they are ready."

But he said unto them, Except I shall see in his hands the print of the nails, and put my finger into the print of the nails, and thrust my hand into his side, I will not believe. (John 20:25)

Developing Safer ActiveX Controls Using the Sitelock TemplateDeveloping Safer ActiveX Controls Using the Sitelock Template

Spyware Sucks — Wed, 19 Sep 2007 03:18:16 GMT

The IE team have blogged about the release of a new version of the SiteLock Template for ActiveX Controls

re: Developing Safer ActiveX Controls Using the Sitelock Template

Fduch — Wed, 19 Sep 2007 03:22:42 GMT

>they are not going to discuss it before they are ready.

Ready? You mean like when they shipped IE7 with 1807 open bugs on Connect? (The whole Vista only had 1400 open bugs at that time. And Vista shipped a month later)

re: Developing Safer ActiveX Controls Using the Sitelock Template

program — Wed, 19 Sep 2007 05:05:26 GMT

The IE team have blogged about the release of a new version of the SiteLock Template for ActiveX Controls ~~

re: Developing Safer ActiveX Controls Using the Sitelock Template

Windows Update Faux Pas — Wed, 19 Sep 2007 09:10:51 GMT

Everyone perceives the danger of firearms; you could assuage other's anxiety by adding security measures to the firearms, but---it's still unsafe.

I could have completely scrapped ActiveX, but Windows Update requires such dangerous piece to function.

I don't mind how secure ActiveX is; just upgrade IE to comply with latest W3C standard as other "developed" browsers, and I would die in peace.

re: Developing Safer ActiveX Controls Using the Sitelock Template

Vilius Šumskas — Wed, 19 Sep 2007 09:39:35 GMT

@midio and others:

If you don't use ActiveX it doesn't mean that other don't. I personally very happy with this addition (and a post). This is IE blog and developers can post everything they want related to IE.

Why on earth everytime someone posts to this blog army of web devs start to complain about IE8 and standards. If you're such fan of open standards and open source you've should known by now a very good phrase: "It will be ready when it's done!"

re: Developing Safer ActiveX Controls Using the Sitelock Template

Wraith Daquell — Wed, 19 Sep 2007 20:10:31 GMT

@Vilius:

Bravo. I concur.

@Complainers:

Nobody likes a whiner.

re: Developing Safer ActiveX Controls Using the Sitelock Template

hAl — Thu, 20 Sep 2007 16:21:52 GMT

The silence on the future development of IE on this blog is deafening !!!

It is getting ridiculous.

re: Developing Safer ActiveX Controls Using the Sitelock Template

jacob ÷milas — Fri, 21 Sep 2007 04:16:31 GMT

@Vilius: "It will be ready when it's done!"

Your statement implies that you actually believe it *will* be done. As hAl pointed out, the silence on IE development on this blog is deafening!

There has been no statement about:

DOM Methods will be fixed (and/or a flag/setting/trigger will be identified so that developers can count on the proper, W3C spec implementation.

Form element fixes: disabled select options, radio buttons that fire onchange before onblur, DOM create/copies of radio/checkboxes that preserve their checked state.

CSS Fixes: Full attribute selectors.

GUI Fixes: re-write the prompt dialog so that it doesn't look like a borland control from 1992 and make it work (correct position, correct button position, no message truncating, etc)

Printing: don't even get me started here

Zooming: fixing the controls and chrome so that the interface doesn't look like its exploding on itself

Until we hear that these things are at least being worked on, we have little faith.

btw, stating that "MS is actively working on IE8" tells us nothing.

jac

re: Developing Safer ActiveX Controls Using the Sitelock Template

IEX — Fri, 21 Sep 2007 08:15:06 GMT

They won't even name the next version of IE until they've decided whether or not to release it.

re: Developing Safer ActiveX Controls Using the Sitelock Template

hAl — Fri, 21 Sep 2007 13:14:59 GMT

And not just improvements on current features but also other features like downloadmanager, spellingchecking, different inpage search and add-on model...

re: Developing Safer ActiveX Controls Using the Sitelock Template

Bruce — Fri, 21 Sep 2007 17:04:15 GMT

Al Billings - ex MS IE team member, sheds light on the demise of Borgzilla, and how it has essentially ruined confidence in IE (and MS) in the developer community.

http://www.arcanology.com/2007/09/19/ie-and-the-demise-of-borgzilla/

He's bang on, on various points.

There *should* be alpha builds available regularly.

There *should* be a bug tracking system online, always, not shut down (air-quote)temporarily(/air-quote), and it should allow the community to self-triage where possible, and be "integrated" with MS internal tools to avoid pure swivel-chair exercises.

and surprise, surprise........

TALK ABOUT IE8!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Wow, wonder if I've heard that requested somewhere before?

Bruce

re: Developing Safer ActiveX Controls Using the Sitelock Template

limvar — Fri, 21 Sep 2007 22:59:36 GMT

I have try to use the developer toolbar but find a button works different.

When click [find by click] why does it keep try to find every click? he should stop when I click first object

re: Developing Safer ActiveX Controls Using the Sitelock Template

Mike — Sat, 22 Sep 2007 04:20:31 GMT

I think we need to start a petition to have Al Billings and Dave Massey come back to the IE team ! That way we might finally get some posts about IE8 and where things are headed, like back in the good old pre-IE7 release days.

re: Developing Safer ActiveX Controls Using the Sitelock Template

bill — Sat, 22 Sep 2007 10:45:13 GMT

with the next patch, please remove the automatic execution of signed activex controls in the Internet zone. Let the user to decide if he want to run it or not. A lot of activex controls runs without user's consent and that exposes the browser to flaws.

re: Developing Safer ActiveX Controls Using the Sitelock Template

bill — Sat, 22 Sep 2007 10:47:23 GMT

@Faux Pas

In Windows Vista, the new Windows Update doesn't use activex. Buy Vista

re: Developing Safer ActiveX Controls Using the Sitelock Template

Walter — Sat, 22 Sep 2007 23:11:48 GMT

@ Mike!

As per your Petition:

"Bring Al Billings & Dave Massey back into the IE team!"

- Signed! Walter Braithwaite

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Sun, 23 Sep 2007 16:05:07 GMT

Walter,

That's a nice thought but I'm a QA guy on Firefox over at Mozilla these days. I did a year in a startup, gathered some stock options, and then went back to doing what I love: browsers. Only, this time I'm working in the open source world and loving it (actually).

Since I live and own a house in Oakland, California these days, I really doubt if I'll be returning to Redmond anytime soon. After nearly nine years at Microsoft, I'd had enough and needed a change. I'm well into that change now.

I appreciate the sentiment though. I actually think my talents, such as they are, have been better used in a much smaller company like Mozilla and our much smaller QA group (all of Mozilla is smaller than the number of QA people who work on IE).

I have an impact within Mozilla that I would never have attained at Microsoft, even with all of my years there. I was never in a position to REALLY affect where IE was going, being just a mid-level guy in QA. The future of IE is less determined by the rank and file that work on it than by Microsoft's corporate goals and strategy. Anything that conflicts with that winds up being stillborn or cut.

re: Developing Safer ActiveX Controls Using the Sitelock Template

DMassy — Sun, 23 Sep 2007 18:08:23 GMT

Walter,

I'm not sure I could be tempted back there either. I'm not sure I agree entirely with Al's assessment but after eleven years at Microsoft it was time for me to leave.

-Dave

re: Developing Safer ActiveX Controls Using the Sitelock Template

Fabian — Mon, 24 Sep 2007 18:13:22 GMT

Are you guys still fixing bugs with your rendering engine? If so there are still alpha map errors, and min-width errors with css

re: Developing Safer ActiveX Controls Using the Sitelock Template

Jim — Mon, 24 Sep 2007 19:54:45 GMT

Al: Hrm... a Firefox guy who left IE, posting his flamebait ruminations on the IEBlog.

I think you might have a bit of a credibility gap here. Sour grapes, perhaps?

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Tue, 25 Sep 2007 11:38:43 GMT

Jim, I'm posting here because my post on *my own blog* was mentioned here.

You can think that I have a credibility gap all that you want. Yours is the first comment anywhere to even try to say that, so I don't think that's the prevailing wisdom.

Besides, I worked on IE 4, IE5, IE6SP2, and IE7. I spent just a month shy of nine years at Microsoft, working mostly on browsers (I worked on MSN Explorer and the cancelled Netdocs as well). I think I have a pretty fair degree of credibility when it comes to discussing browsers, Internet Explorer, or Microsoft. Why do you think otherwise?

As a Mozilla guy, I'm allowed to speak my mind with little fear of being chewed out for it. Why? Because Mozilla is an open company that embraces that openness by conducting most of its business in the public eye. I think that the IE team and Microsoft (in general) could learn a bit by that.

In any case, as the only guy in the world, as far as I know, who has worked on both IE *and* Firefox, I expect that I'll continue to have things to say about both.

re: Developing Safer ActiveX Controls Using the Sitelock Template

Chris — Tue, 25 Sep 2007 15:15:27 GMT

I wonder how long it'll take before the conspiracy theory's begin about how Microsoft have in fact planted Al into the Firefox community, to bring it down from within!

re: Developing Safer ActiveX Controls Using the Sitelock Template

jenna — Tue, 25 Sep 2007 23:04:01 GMT

@Chris: Since the quality control of Mozilla seems to outpace IE by leaps and bounds, I highly doubt it.

If you read Al's blog, you'll see he has taken (as he states) to the open source software development concept quite well, and sees the power it gains over proprietary SW.

I don't write C++ (which I presume?) is what both IE and Firefox use at their core, but the simple fact that anyone that discovers a bug/performance issue in Firefox can code, and submit a patch is far beyond any locked software can manage.

Even with that said, if I could "read" the IE code, I could likely spot where an error is occuring and even hint at what the fix would be: i.e. "This method is casting a number to a string, which causes issues on line: 1234 of blah, blah, blah"

Take the top 10 Browser/DOM bugs in IE at the moment. Is there anyone here that doesn't believe that if IE was open sourced... just for a day!, that they couldn't all be fixed?

Now, ask yourself.. those top 10 bugs.. they were in IE6 too, weren't they!.. count the days from the public release of IE6, until today.. $10 says it is a bit more than a day.. in fact.. ONE THOUSAND EIGHT HUNDRED AND FIFTY THREE DAYS (and counting!)

I think though that we would all be quite happy if there were at least some news about what is being fixed or has been in IE 8.

I don't care if IE is proprietary, thats fine - if you want the burden of fixing all of it - go for it...... but please fill us in so that we know when it will be fixed.

re: Developing Safer ActiveX Controls Using the Sitelock Template

gabe — Wed, 26 Sep 2007 01:10:54 GMT

firefox is 70 percent c++ code and 25 percent html/css the rest is JavaScript

re: Developing Safer ActiveX Controls Using the Sitelock Template

hAl — Thu, 27 Sep 2007 12:57:21 GMT

The whole concept of the connect bug submitting site was useless as it is was. I can understand that the IE team would consider it a burden rather then a usefull tool.

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Thu, 27 Sep 2007 15:42:53 GMT

Well, when the IE team lets its rather large community of users and web developers submit issues and track their results, hAl, perhaps something useful will be had.

IE7 has been out a year. What has the IE team been doing for a year now? Do any of you know? One assumes that a team with more than 200 people has been doing *something* for a year now but you'd never know it from the blog posts or any other public conversation.

In contrast, if you want to know what Opera is doing, you can find out, and they are a closed source project.

If you want to find out what Mozilla is doing, you can see the plans and even watch bugs get resolved and check-ins happen.

IE needs to open up. As I recall, having been around at the time and involved in some of the conversations, that *WAS* the point of this blog a few years ago. Obviously, since I left and at least two other proponents of this blog also left the IE team, the efforts here have stalled out.

Are you really happy with the level of real content in this blog? Really?

Al in Japan

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Thu, 27 Sep 2007 16:05:16 GMT

I've posted a little something at http://www.arcanology.com/2007/09/27/openness-and-ie-or-talk-to-us/.

I'd like to see an actual member of the IE team respond there (and to this thread here) instead of just ignoring this. Hey, guys, remember why you started blogging in the first place? Start talking to the web community about the future and IE8...

re: Developing Safer ActiveX Controls Using the Sitelock Template

DMassy — Thu, 27 Sep 2007 20:35:45 GMT

Al,

I don't entirely agree :) IE isn't and probably never will be open source.

The IE team does need to open up at least to the level they had when IE7 was under development and show some vision or direction.

Let's be real though. Releasing nightly builds and watching bugs get resolved and checkins happen is not going to happen with IE and quite frankly given the noise they'd receive I don't see the point.

The IE team does need to start talking though. Currently only Eric Lawrence seems to post and respond to comments here. All online chats have stopped and it is as if the IE team has disappeared just as it did after the release of IE6. I know that isn't the case but you can't blame people for starting to think that when the team can't be bothered to talk to their customers and engage in any conversation.

-Dave

re: Developing Safer ActiveX Controls Using the Sitelock Template

Luthar — Thu, 27 Sep 2007 22:08:34 GMT

@Dave and Al;

I'm with Al on this. Fine, IE is a closed source project, we get that. But that doesn't stop the IE team from telling us what they hope to do, or have done in IE8.

Even the small things! like "Hey, we noticed the bug when you de-focus the printer selection dialog in a print preview too (when everything blanks out)", "and yes, we've fixed that!"

Things like this are good, because:

a.) It means you listened to the community and the bugs we reported.

b.) You care about shipping a good SW product

c.) It might be a minor thing, but its fixed now, we can move on to other things.

d.) It tells us seriously, that MS HAS BEEN DOING SOMETHING!

Otherwise, this blog has died. It no longer contains any useful information on THE DEVELOPMENT of IE.

re: Developing Safer ActiveX Controls Using the Sitelock Template

DMassy — Thu, 27 Sep 2007 22:22:21 GMT

Luthar,

I agree entirely. The IE team can talk about progress without issueing nightly builds or opening up their checkin process. This is abotu the IE team showing they care about their customers. Silence does not help. I know the individuals on the IE team do care about customers but it certainly isn't being shown.

-Dave

re: Developing Safer ActiveX Controls Using the Sitelock Template

John A. Bilicki III — Fri, 28 Sep 2007 01:27:40 GMT

A very undesirable CSS1 bug, simple/minimal test case for IE7, resize IE7 with the code in my reply post...

http://forums.devnetwork.net/viewtopic.php?p=420119

I think it's important to put emphasis on the all but confirmed fact that IE8 will probably be the last version of Internet Explorer for Windows XP. With the resistance to adopting Vista this version of IE will have a much more dramatic impact on the corporate strategy and general PR for Microsoft in the long term. It's therefor probably in their best (corporate) interests (from my perspective) to keep a lid on things at the moment. I'm going to presume IE9 will be the DirectX 10 of sorts for Windows 7 and web designers. This is my take on the silence here and I won't complain.

I'd also like to point out a couple things. First off if you're leaving a link to your homepage when you post on this blog you have (in my mind) a bit more credibility to what you say then just anonymously posting on the blog.

Secondly Internet Explorer isn't really that bad of a browser. IE4 handles a liquid layout I've been working on just fine. In fact it's also keyboard-only accessible. It was released in September 1997, TEN years ago! Webkit nightly builds **STILL** can't tab to anything other then form input elements rendering keyboard-only navigation (on either Windows or OS X) pretty much completely useless. In my not so humble opinion there is currently no "best" browser. Gecko has great CSS2 compliance, IE has great printer support (in comparison to other browsers especially Gecko, if you test this then ensure you're using a printer specific stylesheet), Webkit has the best CSS3 property support, and Opera eh...it's moderately good in all those categories. But no single browser/rendering engine truly shines above all others.

Also I've started a new cartoon series on the lighter aspects of computer/internet software. Please enjoy my MS Paint skills in full glorious mono and default font! This one was partially inspired by the IE blog...

http://img249.imageshack.us/img249/1136/softwaresagasissue0002byz4.gif

re: Developing Safer ActiveX Controls Using the Sitelock Template

Jim — Fri, 28 Sep 2007 02:14:28 GMT

John A. Bilicki III: Your "All but confirmed fact" is pure speculation.

The reason no one would "confirm" such a statement is that Microsoft isn't remotely close to making any kind of decision on the supported platforms for IE9. As you point out, uptake of Vista is probably a major factor here.

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Fri, 28 Sep 2007 02:31:56 GMT

Dave, I know that the IE team isn't going to release nightly builds but, seriously, there are months that go by on this blog with only one post, maybe two, and they aren't anything forward looking.

Do you see a response from the IE team to comments here? No. Eric has responded in my blog but then he was always the most active on the blog and in talking to the public from the development team. Kudos to him.

You and I will have to disagree about the value of having a bug database and communication of some sort (I see a lot of value in giving people a means to post issues and see comments on them, as well as validate other issues) but the sheer lack of communication for a year is appalling. IE7 has been done for a long time.

Personally, I expect that there might be little to say and that the IE team has spent six months chasing Vista SP1 issues instead of working on IE8. I could be wrong though (as always).

re: Developing Safer ActiveX Controls Using the Sitelock Template

DMassy — Fri, 28 Sep 2007 03:23:13 GMT

Al,

We agree on everything except on the value of releasing nightly builds. Everything else about the value of a bug database etc. we are in violent agreement on and I'm confused why you think I don't agree with you since I've been saying pretty much the same thing for months. The shame of it is that we are having a conversation here but the IE team is completely failing to have a conversation with its customers. Shame on them.

We all worked hard to start to reestablish IE's credibility with developers during the IE7 project. We knew it was going to be a long hard slog and that it would take time, possibly longer than the IE7 project itself. Unfortunately all that hard work has been thrown away and any credibility we did establish during that time has been lost.

-Dave

re: Developing Safer ActiveX Controls Using the Sitelock Template

Al Billings — Fri, 28 Sep 2007 10:32:57 GMT

I guess I misunderstood, Dave. It's good to see that we're in violent agreement. :-)

re: Developing Safer ActiveX Controls Using the Sitelock Template

Chris Wedgwood — Fri, 28 Sep 2007 12:45:50 GMT

Since when has "Repurposed" been a word?

re: Developing Safer ActiveX Controls Using the Sitelock Template

hAl — Fri, 28 Sep 2007 13:06:54 GMT

I am all for input by the IE community. However the connect site was useless in that regard.

More usefull I think might be a public moderated forum or something like that. you could have different area's for dicussing features, HTML and or CSS conformance, Rendering of pages, scripting and add-ons and make discussions more focussed.

For straightforward bugtracking they might use an internet bugtracking tool but only for a limited (alpha)testing community and not for public use.

It is worrying that the IE team does not give information on what they are doing. It seems uncertain whether they are actually producing something usefull and choose the solutions for issues that are what their customers want.

re: Developing Safer ActiveX Controls Using the Sitelock Template

rc — Fri, 28 Sep 2007 15:17:36 GMT

@hAl

"It is worrying that the IE team does not give information on what they are doing."

There is no "IE team" at this moment, and they do nothing. Maybe in two or three years we will hear something.

Somebody may not believe me again, but this "somebody" cannot adduce any real facts that refute my statements.

re: Developing Safer ActiveX Controls Using the Sitelock Template

EricLaw [MSFT] — Sat, 29 Sep 2007 00:41:58 GMT

@Dave & Al: It's always nice to see you guys here: I read your blogs with interest.

@RC: I don't know why you persist in attempting to perpetuate the fantasy that I and my many colleagues don't exist.

Of course, once your theories are inevitably shown to be completely baseless, I suspect "RC" will disappear and we'll get a new anonymous poster named "CR" who will invent a new set of tales for our amusement.

re: Developing Safer ActiveX Controls Using the Sitelock Template

EricLaw [MSFT] — Sat, 29 Sep 2007 00:44:46 GMT

@Chris Wedgwood: Interesting question. According to the Oxford English dictionary, "repurposed" dates back to 1984, with the same meaning used here.

re: Developing Safer ActiveX Controls Using the Sitelock Template

PatriotB — Sat, 29 Sep 2007 07:45:01 GMT

Sitelock is very useful. It would have stopped this issue dead in its tracks: http://blogs.zdnet.com/security/?p=492

re: Developing Safer ActiveX Controls Using the Sitelock Template

rc — Sat, 29 Sep 2007 14:45:50 GMT

"I don't know why you persist in attempting to perpetuate the fantasy that I and my many colleagues don't exist."

Don't distort my words. Maybe you do exist, if you want so, but no real work on future versions of IE exists. And I will repeat to contend this until somebody shows whatever REAL proof of the contrary.

This is the common method of science: any thing is considered not existing until there is a scientifically grounded proof that it exist. Did you ever hear something about science?

re: Developing Safer ActiveX Controls Using the Sitelock Template

John A. Bilicki III — Sun, 30 Sep 2007 01:11:33 GMT

@ RC

While the scientific statement is true that we must show proof to even suggest something exists in the first place you're applying this in the wrong manner.

What percentage of the time do Microsoft developers get to spend working on what they prefer? Assuming they get any time to do so would they (assuming they'd want to) be allowed to work on IE? Keep in mind that the IE team members have people above them who make a lot of decisions for them or box them in to limiting their options.

From my perspective it's pretty pointless to personally attack IE team members because they probably get little choice in the decision making as I've read from former employees. It's sort of like yelling at some guy stuck in traffic because someone else decided to drive drunk and got in to an accident. What's the point?

re: Developing Safer ActiveX Controls Using the Sitelock Template

Jon — Sun, 30 Sep 2007 02:42:09 GMT

"any thing is considered not existing until there is a scientifically grounded proof that it exist"

Hah. You might want to wait until you reach Grade 7 before you start talking about science. You're not seriously trying to imply that DNA didn't exist until 1953? Bacteria magically sprang into the world in the 1860s?

Sigh. If this is how the rest of today's junior high students view the world, humanity is screwed.

re: Developing Safer ActiveX Controls Using the Sitelock Template

rc — Sun, 30 Sep 2007 10:37:21 GMT

@Jon

You dont't understand the difference between "exists" and "is considered existing in the science".

re: Developing Safer ActiveX Controls Using the Sitelock Template

IE — Mon, 01 Oct 2007 01:46:24 GMT

ACTUAL IE INFO: http://www.sitepoint.com/blogs/2007/10/01/wds07-bonus-feature-chris-wilson-microsoft/

re: Developing Safer ActiveX Controls Using the Sitelock Template

tom — Mon, 01 Oct 2007 21:11:53 GMT

Direct Link to the MP3 Audio:

http://media.sitepoint.com/presentations/2007-09-28_wds07chriswilson.mp3

Good talk, oddly enough, the ONLY talk about IE8 features and fixes... go figure!

Executive / Developer Summary:

IE8:

- New Layout Engine

- Standards Compliant (opt-in)*

* Although not indicated, in IE8, if you want rendering to follow the spec for [some/all/certain] things, you (the developer) will need to "opt-in" somehow. (The exact context of this is not indicated)

Based on existing stuff in IE, the preliminary guess would be a CC (Conditional Comment), similar to the MOTW. to dictate/enforce desire to render in standards mode.

In general summary... Chris Wilson cares about standards, and is doing whatever he can to ensure IE8 is on the right path!

YEEE HAAAAAW!!!! I can't wait!

re: Developing Safer ActiveX Controls Using the Sitelock Template

John A. Bilicki III — Tue, 02 Oct 2007 03:25:26 GMT

Thank you Tom for the interview clip.

What Chris is ultimately saying and that I can agree with is that the standards were inconsistent and full of holes. Remember, the W3C does not exist directly for those using the code, but those who implement support for the code.

To be completely fair we all have to remember that there are people writing these standards. Who is to say the standards they produce are absolutely perfect?

(X)HTML / CSS Pyramid...

W3C --> Browser Vendors --> Web Designers --> End Users

Since there are going to be holes in the standards (HTML 4, XHTML 1.0, HTML 5, XHTML 5, CSS 1, CSS 2, CSS3, etc) it's obvious that since Opera, Mozilla, and Microsoft aren't exactly working in different cubicles on the same floor in the same building that if each of these browser vendors have to fill a hole that has no specification listed in the standard itself that they understandably are likely to implement different behaviors based on how they perceive the spec but at the same time as businesses they must release new versions of their software within a set time frame.

What would ultimately benefit web designers is an active collaboration between web designers and browser vendors to collaboratively work together on patching holes in the standards. This means that instead of harassing Microsoft employees on their blog to instead ask them what holes exist in the standard, look at the standard, make inquiries to those responsible at the W3C, and work towards solutions that can be implemented in to the standards therefor giving a consistent patch to holes creating rendering engine inconsistencies.

Who here knows much about the folks working over at the W3C? Do the people who work on (X)HTML and CSS dedicate all their work time to the specifications or do they have to do it in their spare time while working another job to pay the bills and support their families?

(X)HTML 5 is an excellent chance to do exactly that. Unless you're willing to cover the living expenses of W3C developers to free up their time and resources the extra work load could easily be handled by the community, standards are in some sense open source? Our input is taken in to consideration at the W3C.

An example of seeing the opt-in mode is simple to me.

The #body element on my site requires CSS2...

#body {

border: #f0f solid 1px;

bottom: 4px;

left: 4px;

overflow: auto;

position: absolute;

top: 4px;

right: 4px;

}

Quirks mode in IE from my understanding after listening to Chris's comments are the 'best guess' at how the spec would be implemented if the issue was covered. My layout with the #body is not buggy in IE7 but requires quirks mode by using the XML declaration in IE6 and earlier. Essentially I can agree with this implementation and while I'm not going to attempt to digest the W3C specs, figure out what point in time each version of IE was being developed how far along the specifications had reached, it supports another statement that Chris made that the standards aren't complete yet and that many holes are still exist.

With the new opt-in mode and following Chris's comments I only have one comment, thank you IE Team!

Securing ActiveX Controls

codesecurely.org — Wed, 17 Oct 2007 07:20:21 GMT

I was reading my buddy Alex Smolen's post the other day on Java Applet Security and figured I would see

限定ActiveX组件只能在特定站点上使用

optman — Wed, 31 Oct 2007 18:40:09 GMT

在前面《再谈IObjectSafety》一文里，我们讲了声明一个ActiveX为脚本安全可能会被滥用而带来安全隐患。现在微软推出了一个新的ATL模板类IObjectSafetySiteLockImpl ，可以在编写ActiveX组件的时候设置只能在特定站点上加载，从而避免被恶意站点使用。

IE8 Security Part II: ActiveX Improvements

IEBlog — Wed, 07 May 2008 21:30:18 GMT

Hi, I’m Matt Crowley, Program Manager for Extensibility with Internet Explorer. The team was very excited

IE8 보안 2부 : ActiveX 보안 개선

IE8 팀 블로그 — Tue, 17 Mar 2009 11:48:25 GMT

    아래 글은 IEBlog에 올라온 IE 8 보안 관련 글 중 두번째 글을 번역한 것입니다. 현재 파트 5까지 나와있는데 시리즈로 번역할 예정입니다. 이 글 뿐