Updated Documentation on Controlling Security Restrictions

The information published in this post is now out-of-date and one or more links are invalid.

—IEBlog Editor, 21 August 2012

Our documentation team has just completed updating our documentation covering how administrators and developers can control certain features. This includes the following articles:

These documents are useful in understanding the security work undertaken in Windows XP SP2 and how it affects development. If you have any comments on this or any of our documentation on MSDN we’d appreciate the feedback.


Comments (8)

  1. Anonymous says:

    In all honesty Dave, I’m impressed…

    But in all seriousness, their are more important things that we’d like the IE team to blog about…

    Cater to us, not to yourselves.

  2. Anonymous says:

    <b>Very useful docs thanks</b> 🙂

  3. Anonymous says:

    Thanks for sharing these docs with us, they provide good information for us Windows developers who use IE components.

    Don’t mind Fiery Kitsune… I’m just happy to see *some*thing being posted 🙂

  4. Dave says:

    On a related topic, I’ve always wondered why script-src scripts aren’t handled based on the source domain. For example, if I have an HTML page in the Internet zone with a script tag that references a Restricted-zone site, the script from the restricted site runs even if I’ve disabled scripting in the restricted zone. Doesn’t this basically elevate restricted zone scripts to the Internet zone?

  5. ieblog says:

    Hi Dave,

    You bring up an interesting point. If a script file is loaded from a different site it is run in the context of the site doing the loading rather than the site from which it was loaded.

    For many websites this is extremely useful however a web developer should be really sure that they are in control and trust the site providing the script.



  6. Anonymous says:

    Pop-up Blocker:

    I.e. you skipped to block Pop-ups created with window.document.open() ?!?

    I’ll do a double take,


  7. Anonymous says:

    Guess who failed the Acid2 test? Everyone! http://webstandards.org/act/acid2/test.html

  8. Anonymous says:

    >If a script file is loaded from a different site

    >it is run in the context of the site doing the

    >loading rather.

    So the only way to completely opt-out certain domains is to use host file?


    Current Privacy tab.


    Could these be streamlined?

    My exprerience is that people get confused with the slider. For example they seem to think that Medium disables all third party cookies.

    Also automatic cookie deletion option would be nice.