
Browse by Tags: standards

Understanding Domain Names in Internet Explorer

Web browsers use domain names for a variety of purposes, but how they’re used is much more complicated than most developers realize. In this post, I’ll attempt to cover the most important aspects of this topic. Definitions: When talking about “domains”
Posted by EricLaw | 4 Comments

HTML5 Implementation Issues in IE8

IE8 introduced support for some of the more stable features in the HTML5 spec. However, web developers have reported some problematic scenarios in IE8's support for these features, as described below. 1. postMessage only works for IFRAMES/FRAMES: The HTML5
Posted by EricLaw | 4 Comments

Same Origin Policy Part 1: No Peeking

Despite its role as the cornerstone of web application security, it’s clear that many (most?) web professionals do not understand Same Origin Policy (SOP), or hold one or more misconceptions about what SOP requires. It’s a big topic, and I don’t plan
Posted by EricLaw | 3 Comments

Internet Explorer Cookie Internals (FAQ)

Over the five years I’ve worked on Internet Explorer, I’ve probably seen more questions from the community about HTTP cookies than on any other topic. Cookies are an integral component of most websites in use today, and hence problems or unexpected behaviors
Posted by EricLaw | 13 Comments

IE8's Native XMLHttpRequest Object Restrictions, Bugs, and Notes

Protocol Restriction: Internet Explorer's native XMLHTTPRequest object permits requests to HTTP and HTTPS only; requests to FILE, FTP, or other URI schemes are blocked. Method Restriction: The object permits only the following HTTP methods: "GET", "POST",
Posted by EricLaw | 5 Comments

Q&A: Rendering Mode for Web Browser Controls (WebOCs)

Q: Eric, you mentioned that the IE8 Web Browser Control, hosted in Forms / WPF, runs in IE7 emulation mode by default. Is there a way to turn the emulation mode off and have the control work in "real" IE8 mode?
A: Yes. This is controlled by a feature
Posted by EricLaw | 1 Comments

IE and the Accept Header

RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited
Posted by EricLaw | 17 Comments

Thoughts on Declaring Security Policies

My thoughts about Mozilla's Content Security Policy proposal were just published over on the IEBlog. I actually have quite a bit more to say (at even greater length :-) about declarative security mechanisms, and some more technical feedback specific to
Posted by EricLaw | 2 Comments

CSS History Probing, or: "I know where you went last week"

Background: One of the interesting attacks which makes the rounds every few years concerns the ability of web pages to use CSS to detect whether or not certain URLs have been visited. Given a sufficiently large set of URLs to probe, a website may be able
Posted by EricLaw | 2 Comments
 