IEBlog

Windows Internet Explorer Engineering Team Blog

  • IEBlog

    IE February Security Update Now Available

    • 10 Comments
    The IE Cumulative Security Update for February 2009 is now available via Windows Update . Alternatively, you can receive this and all other Microsoft updates via the Microsoft Update . I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products. This update addresses two privately reported vulnerabilities. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles the...
  • IEBlog

    Statistical Validation of the IE8 XSS Filter

    • 10 Comments
    Greetings, I’m Russ McRee of Microsoft’s Online Services Security & Compliance Incident Management team. My team serves as incident handlers for the various types of attacks our online services face. High on the list of incidents we handle are cross-site scripting attacks. There’s an unfortunate misconception surrounding cross-site scripting (XSS) attacks that result in them being perceived as less impactful than other types of attacks, and often more theoretical than practical. I believe...
  • IEBlog

    IE8 and JScript

    • 10 Comments
    As Dean mentioned yesterday in his post announcing the availability of the Internet Explorer 8 Beta 1 for developers , better script performance is of particular interest to the developer community. In conjunction with Dean’s announcement, the JScript Team posted additional information around scripting improvements in IE8 Beta 1 over on their team blog . I encourage you to check it out and follow their blog to learn more about the cool things they are doing for IE8! Kristen Kibble Program Manger
  • IEBlog

    Exploring ECMAScript 5 with a Simple Game of Poker

    • 10 Comments
    Support for ECMAScript 5, the updated standard of the language commonly known as JavaScript, is part of our promise to ensure that the same markup and same script works across browsers. Over the past few months we’ve devoted more than a few blog posts to the topic including: ECMAScript 5: Reusable code ECMAScript 5: Arrays Extras IE9’s Document Modes and JavaScript With the IE9 RC, we released another Test Drive demo to explore the full benefits of ECMAScript 5 available in IE9. This game of Texas...
  • IEBlog

    IE 9.0.7 Available via Windows Update

    • 10 Comments
    The June 2012 Cumulative Security Update for Internet Explorer is now available via Windows Update . This security update resolves one publicly disclosed and twelve privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are...
  • IEBlog

    Building world-ready applications in JavaScript using IE11

    • 10 Comments
    Building world-ready applications in JavaScript using IE11 With Internet Explorer 11, Web applications can now use JavaScript ECMAScript Internationalization APIs , which provide a standard JavaScript based interface to deliver great world-ready experiences such as number, date, time and currency formatting and culture specific string collation (comparisons). In IE11, Web apps can utilize capabilities exposed by the Windows internationalization library, which includes support for over 364 locales...
  • IEBlog

    W3C Charters Pointer Events Working Group

    • 10 Comments
    Following Microsoft’s submission of the Pointer Events specification , the W3C announced Friday the launch of the Pointer Events Working Group . The group intends to use Microsoft's proposal, based on the APIs available today in IE10 on Windows 8, as the starting point for a Recommendation track specification, an important step towards interoperable support on the Web. In their announcement, the W3C said, “enabling content creators to use a single [pointer] model for different input types will make...
  • IEBlog

    Understanding the Real-World Performance of your Web Application Across IE11 and Other Browsers

    • 9 Comments
    Together with Google, Mozilla, Microsoft, and other community leaders, the W3C Web Performance working group has standardized the Navigation Timing , Resource Timing , User Timing , and Performance Timeline interfaces to help you understand the real-world performance of navigating, fetching resources, and running scripts in your Web application. You can use these interfaces to capture and analyze how your real-world customers are experiencing your Web application, instead of relying on synthetic...
  • IEBlog

    Test the Web Forward – Seattle 2013

    • 9 Comments
    On April 12-13, Microsoft hosted a record-setting Test the Web Forward event to advance the Web by creating interoperability tests. Dozens of volunteers from Adobe, AT&T, Blackberry, Mozilla, and many other local companies joined us at our Seattle offices to learn about Web standards testing, how to write CSS and HTML tests, as well as the tools available for test suite management. Attendees from around the country - and even Canada – contributed to create a record-breaking 514 overall new tests...
  • IEBlog

    Sub-pixel Rendering and the CSS Object Model

    • 9 Comments
    With Windows 8, you have an unprecedented choice of devices for browsing the Web, from large desktop screens to small slates. In order to accommodate this range of devices, the browser must be able to scale and layout the Web at many different screen sizes and dimensions. We've previously blogged about some of the features in IE that support these scenarios. Sub-pixel positioning (of text and layout) is one of the core platform technologies which enable Web pages to look beautiful and consistent...
  • IEBlog

    CORS for XHR in IE10

    • 9 Comments
    The fourth platform of IE10 simplifies building cross-site scenarios that work consistently across browsers by supporting Cross-Origin Resource Sharing (CORS) for XMLHttpRequest (XHR) . CORS for XHR makes sharing data across sites simple and flexible. In the most basic scenario CORS enables creating data sources accessible from any site, and with a few small tweaks you can choose to constrain allowed sites, support data modification, and even allow authentication. Most importantly CORS keeps existing...
  • IEBlog

    Building Better Input Experience for East Asian Users with the IME API in IE11

    • 9 Comments
    During the development of Internet Explorer 11, we proposed and implemented a new set of IME APIs to the Web Applications Working Group for a better input experience for East Asian users. These discussions resulted in changes to the Editor’s Draft of the W3C IME API. This API enables developers to build a tightly integrated experience between the IME that East Asian users rely on to type in their local languages and the UI that developers create to assist input, for example a search suggestion list...
  • IEBlog

    Upcoming IE Conferences and Events

    • 9 Comments
    One of the things I really like about my job is getting out to conferences and events where I can meet you guys. It’s a great opportunity to get feedback from you, and to learn more about our developers and users. It’s also a great opportunity for you to get to know the IE Team. We’re really not a bunch of faceless developers, testers and PM’s. In the past, we haven’t announced what conferences and events we were attending, it was always kind of a surprise, but we are going to try and improve...
  • IEBlog

    Security Update for Windows Vulnerability in Vector Markup Language

    • 9 Comments
    Hi folks, this is Geoff again, IE Program Manager focused on security updates. A Windows Security Update was released today for a vulnerability in the Windows VML (vector markup language) component that can result in remote code execution. Although this is not an IE code vulnerability, we feel it is important to mention that IE can be used as an attack vector for the exploit. We strongly recommend that you visit Microsoft Update or Windows Update to check for this and any other critical security...
  • IEBlog

    Update Released for Some Versions of MSXML

    • 9 Comments
    We want you to know that some IE7 and Windows Vista users will need today’s security update for MSXML even though by default Windows XP and Windows Vista are not affected. Many applications install and use versions 4 and the original version 6 of the control as a part of the XML Core Services. The most common versions of MSXML don’t require any update such as MSXML3 and the version of MSXML6 installed with Windows Vista. Rob Franco Lead Program Manager
  • IEBlog

    Avenues of Support for IE

    • 9 Comments
    I have noticed going through the comments for our entries, that some people have started posting comments that are specific asks for help with IE issues. This blog is not focused on being a support forum, but we will try to help people as we can. If you are looking for more expedient and focused help please see the Microsoft Internet Explorer Support page - http://www.microsoft.com/windows/ie/support/default.mspx . Also please use the Contact link ( http://blogs.msdn.com/ie/contact.aspx ) as mechanism...
  • IEBlog

    Opting in to the Information Bar

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 So this is my first post on this blog, my name is Phil Nachreiner, I’m a developer on the IE team. I’ll post more about myself in another time, but I’d like to talk briefly about opting into the security features we added in XPSP2. For example, we’ve made it extremely easy to opt existing applications that use the WebBrowser Control into the XPSP2 Information Bar without...
  • IEBlog

    Tweakomatic Utility for IE Settings

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 20 August 2012 I got an email thread the other day that started out with the question of how to add a trusted site into "LocalSystem"'s IE setting via command line or script (which is good question, but more on that later). As part of this thread it also talked about a power toy called Tweakomatic. Named to follow along in the great TweakUI power toy tradition, Tweakomatic is a tool...
  • IEBlog

    Security Update for HTML Help Control Helps Blunt IE Attack Vectors

    • 8 Comments
    Microsoft released several security updates today – MS05-001, MS05-002 and MS05-003. MS05-001 has a fix for a remote code execution issue affecting the HTML Help Control. MS05-002 contains a fix for the “X-Focus” issues. MS05-003 has a fix for a remote code execution issue with Indexing Services The first two are rated “critical” and the third is “important”. MS05-001 is the most critical to reducing IE-based attack vectors. The HTML...
  • IEBlog

    Updated Documentation on Controlling Security Restrictions

    • 8 Comments
    The information published in this post is now out-of-date and one or more links are invalid. —IEBlog Editor, 21 August 2012 Our documentation team has just completed updating our documentation covering how administrators and developers can control certain features. This includes the following articles: About Zone Elevation Introduction to Feature Controls About URL Security Zone Templates These documents are useful in understanding the security work undertaken in Windows XP SP2...
  • IEBlog

    IE8 Beta 1 June Security Update Now Available on Windows Update

    • 8 Comments
    Today we released the IE June Cumulative Security Update for Internet Explorer 8 Beta 1 for Developers on Windows Update . For detailed information on the contents of this update, please see the following documentation: IE Blog Post: IE June Security Update Now Available Microsoft Knowledge Base Article 950759 If you are using IE8 Beta 1 for Developers, we encourage you to download this security update through Windows Update or the Microsoft Download Center today. Terry McCoy Program...
  • IEBlog

    September 2013 Internet Explorer Updates

    • 8 Comments
    Microsoft Security Bulletin MS13-069 - Critical This security update resolves ten privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. An attacker who successfully exploited the most severe of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less...
  • IEBlog

    Web Page Performance in a Standards Compliant and Interoperable way

    • 8 Comments
    At Velocity , we showed Internet Explorer 9 as the first browser to support the W3C Navigation Timing proposal to provide performance information to developers at runtime. This interface is aimed at helping developers measure and understand the performance of their website . Web developers can use this performance information to make their web sites faster. For IE9 Platform Preview 6, we updated the Navigation Timing interface to reflect the latest work of the Web Performance Working Group. Special...
  • IEBlog

    IE June Security Update Now Available

    • 8 Comments
    The IE Cumulative Security Update for June 2010 is now available via Windows Update . This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user...
  • IEBlog

    Staying in Control of Your Default Search Provider

    • 7 Comments
    One of our guiding principles in Internet Explorer is to keep users in control of their browser. This applies to settings like the home page , enabled add-ons , and the default search provider. Sometimes, 3rd party software changes the consumer’s default search provider without their consent . Consumers may be surprised to see search results from an unfamiliar Web site and may not know how to change back to their previous default search provider. As we work with developers to ensure that they use...
Page 39 of 41 (1,002 items) «3738394041