Internet Explorer 7 includes a new URL handling architecture known internally as CURI. The new optimized URI functions provide more secure and consistent parsing of URIs to reduce attack surface and mitigate the threat of malicious URIs.
When designing our security strategy for IE7, malicious URIs were near the top of the list because secure handling of URIs throughout IE is critical to the security of the system. Hence, a major architectural investment was made in CURI for IE7.
Unlike most of the new features in IE7, most end users will never notice CURI working “under the hood” on their behalf. For the technical readers in the audience, however, the details behind CURI may be of some interest.
Background
Uniform Resource Locators (URLs) are one of the most important and seemingly simple concepts web users encounter. Almost everyone recognizes a Uniform Resource Locator as the character string which allows the browser to find a website.
Uniform Resource Identifiers (a superset of URLs) were most recently formally specified in RFC3986, the fourth significant revision in the evolving definition of URIs. To quote the RFC,
A Uniform Resource Identifier (URI) is a compact sequence of characters that identifies an abstract or physical resource.
Pretty simple stuff, right? Alas, as usual, the devil is in the details.
Strings vs. Objects
Given the definition of a URI, it seems natural to represent a URI as a character string. And, in fact, simple character strings are how URIs are most often stored and transferred. For instance, to navigate to a web page, the user types a URI string into the browser’s address bar, or clicks an HTML anchor tag containing a HREF attribute whose value is a string URI.
Unfortunately, there are some downsides to using character strings to store URIs. The biggest problem is that a string is a simple data structure which only holds a sequence of characters, and contains no further information or logic for how that data should be interpreted. Having more information available about a URI is useful for a number of reasons, but security tops that list.
How the browser uses URIs
When you visit a webpage, chances are that there are dozens to hundreds of embedded resources, many of which are addressed via relative URIs. For instance, if you visit http://search.msn.com/default.aspx, the HTML source contains the following image tag:
<img src="/s/hp/bluesky_logo.gif" title="MSN" alt="MSN" height="32" width="81" />
In order for the image to be downloaded, the browser must first combine http://search.msn.com/default.aspx with /s/hp/bluesky_logo.gif to come up with a complete URI which can be downloaded: http://search.msn.com/s/hp/bluesky_logo.gif. In order to combine the base URI with the relative URI, the browser must first crack the base URI and the relative URI to retrieve their respective components.
A URI consists of multiple components, each of which helps the browser and server to retrieve the requested file.
For example, given the URI http://search.msn.com/results.aspx?q=ie7#listings
- The scheme component is http
- The hostname component is search.msn.com
- The path component is /results.aspx
- The query component is q=ie7
- The fragment component is listings
Thus, when generating the full URI to the image, IE must combine the scheme and hostname from the base URI (http://search.msn.com) with the path of the relative URI (/s/hp/bluesky_logo.gif). As you might imagine, performing this crack-and-combine process hundreds of times per page is quite inefficient, and introduces the risk of inconsistent parsing or evaluation.
Security
All web browsers make security decisions based upon URIs. Many security features, from Security Zones to the JavaScript same-origin policy, depend on the browser being able to consistently evaluate URIs to determine their components, and to compare them to other URIs.
If a bad guy (or gal!) can get a browser to incorrectly or inconsistently crack or combine a URI, the user’s security may be compromised. Over the years, a significant percentage of browser patches have been issued to address exploits against URI parsing flaws, for instance the CAN-2005-0054 vulnerability in IE, or Opera’s older %2f bug, to name but two of many.
URI-parsing attacks against Internet Explorer typically attempt to trick a security function (like MapURLToZone) into evaluating an exploit URI incorrectly (for instance, by returning the wrong security zone). If the URI is zoned into a more trusted zone than it deserves, the content at that URI might execute with elevated privileges. Other common attacks attempt to set or steal cookies from other domains, read content from one domain and send it to another, or spoof the user by displaying the URI incorrectly.
Difficulties in securely handling string-based URIs are often rooted in the fact that there are an infinite number of possible representations for a single URI, so a simple string comparison isn’t possible. RFC3986 specifies conditions in which a character in a URI is equivalent to a percent-encoded character in the format %HH, where HH is the hexadecimal-formatted integer representation of the character. Equivalence rules vary depending on where a character appears in a URI; for instance, the scheme and hostname are case-insensitive, but paths and queries are not.
The following URIs are all equivalent:
- http://www.example.com/sample/
- http://www.EXAMPLE.com/sample/#
- Http://www.ex%41mple.com/s%61mple/
- http://www.example.com/sample/arbitrary/.%2e/
All code paths in the browser must be fully knowledgeable about the rules of URI-parsing in order to correctly evaluate a URI. Any failures could enable an attacker to circumvent security restrictions.
The Solution: CURI
CURI is a lightweight object which holds a single URI in normal form. If the CURI is constructed from a string URI, that string URI is cracked just once when the object is first constructed. After construction, callers may access any of the URI components using members provided by the object. This ensures that URIs are evaluated consistently throughout both security and feature code paths. We’ve re-plumbed Internet Explorer to accept and use CURI objects internally; most of this work has already shipped in Beta-1.
The CURI object is available for consumption by external callers like ActiveX controls and Browser Helper Objects; documentation will be provided on MSDN as the CURI class is finalized. It’s worth noting that even external code that does not directly consume CURI objects will benefit from the change, because Unicode string serialized out of CURI objects will be consistently normalized, decreasing the likelihood of incorrect parsing even outside of IE.
Future Directions: International URIs
One advantage of the centralization provided by the CURI object is that it enables future URI-handling enhancements. In particular, working with international URIs is a key scenario for Internet Explorer 7, and the fully-Unicode CURI object is the keystone for our worldwide support. International URIs are critical to the future of the web as ever more international sites come online and more of the world’s diverse languages appear on the web.
I’m not quite ready to talk about IE7’s support for International Domain Names (IDN) yet, but expect to hear more as Beta-2 approaches. In particular, we’ll be talking about how IDNs work within existing network infrastructure, and how IE7 will mitigate the threat of Unicode homograph attacks.
- EricLaw
Oh, I’ve expected IE has used CURI-like objects already.
Afterall, this is the expected OOP style of handling a functionality that’ll be used throughout the application. (And possibly "the system")
And concerning the "Unicode Homograph attacks", as a Chinese user, I’d like to know is there any built-in function in Windows that’ll allow translation between Traditional Chinese(CHT) and Simplified Chinese(CHS)? If not, your team may want to ask other teams to build one or you can’t possibly get around the "Unicode Homograph Attacks" using Chinese characters.
I live in Hong Kong where people use both CHT and CHS in their life, and people likely treat an address in CHS as those in CHT, therefore creating the possbility for opening a fake website with one or two characters changed to another character set.
Even if this is too complicated to be done(I fully understand how difficult a task it could be to achieve a good effect), it’d be great if the browser can issue a warning popup to alert the user about this possible abuse.
Good to know that the URI parsing/handling will be so extensible, so next step could be data URIs.
I hope for the new optimized URI handling architecture.
I find it quite shocking that only with version seven of IE has someone at MS finally figured this out! I hope this "new-found-thought" extends to other common parts of MS too!
Sorry if I may have missed this in your post (or previous posts) but …
A few years back, when I was first starting out in HTML and web site building, I recall that the book I was learning from stated that when using hyperlinks or referring to images (or any address for that matter) that a relative path should always be used when the resource is hosted under the same domain, as the web browser can match them up and request the resource more effectively, but after reading your post, and talk of combining and cracking each URL makes me think differently.
So could I ask if I should in fact be using absolute URL’s for each resource within any given web page for the current fleet of IE’s or if I have just miss-read part of your post?
Thanks
IDN support AT LAST!
Only when MSIE has native support for it we can start to use IDN.
And here I was thinking, is there still somebody that doesn’t do this already..
It is really great to hear that IE7 will support IDN, and I’m interested to hear how you’re addressing the homograph problem.
Also, will IE7 support the data: URI scheme?
Urgh. Does this really mean IE6 deals with URI only in string form ?!? Scary.
hmm, are there URLs not in string form? I’m confused…
I tried to find a wishlist for Internet Explorer but couldn’t find one. I was wondering if the new Internet Explorer will have tooltips over links like Opera.
This is a truly remarkable thing, you point your mouse over a link and in a tooltip you have the real address to where yjat link points to. With this you can hardly make the mistake of clicking a link that will take you anywhere else that the text suggests.
All IE7 is a knock-off version of FireFox, Netscape (owner of Mozilla, which created FireFox) has always been a better internet Browser
Dear Eric,
thanks for your reaction on mine and other posts regarding the IDN-technology.
It is so good to hear the first official MS-statement that confirms IDN will be supported by IE 7.
I’m very curious which solutions you’ve chosen.
Thanks again,
Jean Pascal
You just mentioned
"crack-and-combine process hundreds of times per page is quite inefficient"
This is true. But this is not dominated issue for browser efficiency with current CPU speed.(As long as it is not used in mobile).
Need more work to solve No Response, or freeze issue. When IE7 go to Tabbed, this will become a hot complain. If one tab is freezed, at least let user switch tab.
Mike J
Great! To-the-point talk, with references to RFCs instead of marketing material 🙂
Don’t forget Data URI scheme! It’s very useful sometimes.
Thanks for the IDN-support!
Good work! I’m glad its coming out this way. I think you guys should open up a forum to discuss that tabbed browsing when you get a chance, or perhaps a chat session. Just my 2c.
Thanks for listening to us. IDN support is a great add-on.
Would you *please* fix your RSS feeds to include the proper character encoding? I’m tired of looking at question marks and blocks in my feed readers.
It isn’t hard, to the top just add:
<?xml version="1.0" charset="windows-1252"?>
I’ve requested this a couple of times on your contact page.
CURI = ?
Centralized Uniform Resource Identifiers ?
Please support data: URIs.
For very little development investment, it would add some useful flexibility.
While the number of representations of a URI is not infinite, it is very large.
Are all URIs cracked? I thought only URLs were cracked. For example, there isn’t such a thing as a relative URN, at least to my knowledge.
I’m honestly surprised that different parts of IE weren’t already sharing the same crack routine. Security aside, that just seems like basic code reuse.
Provided you are forgiving with my english, which is not my native language, my comment is rather simple.
I do not care where I would be placed by surfers or more seasoned web developers – whether in hell or purgatory or paradise; whether in the seclusion of the amateur, in the dregs of the parvenu, in the empyrean of the professional, or onto the paths of the lonesome geek, or even in the no man’s land of the nonsense and of the freak. I can live with my self esteem regardless of my own conceit and of the opinion of the others, and so I just go on coding.
But to my humble experience, the outcome of it is simply one: Internet Explorer rocks.
I spent years seeing comments of sophisticated -very sophisticated- persons who endlessly blamed IE and accused it of nearly everything, from bad weather to fixed layers, from bad digestion to limited selectors’ hovering.
To me, css dhtml or whatever you throw at its jaws, my problems NEVER came from Internet Explorer but invariably (I want to stress this: i-n-v-a-r-i-a-b-l-y) by OTHER browsers.
Internet Explorer has always been the browser that always behaved the expected way when COMPARED to what incredible amount of wrong behaviours other browsers were able to misdo.
To me, this has always appeared as a FACT, whence derives the opinion, and NOT as a previously established opinion after which we go in search of facts to support it.
So, I even dare deem it unbiased.
When I read some comments where IE gets bashed and other browsers, clearly clustered with flaws, get worshipped, it always seemed to me there was in action either an underlying undeclared IDEOLOGICAL assumption (IE as the metaphor of greedy capitalism versus the proletarian knack of other browsers – yet still developed by billions yielding Companies, a particular conveniently overlooked) or the habit that long ago Bertrand Russell stressed with his witty sarcasm: that two plus two yields four "is an opinion that only very, very experienced philosophers would feel like contending".
That Internet Explorer is not SIMPLY FABULOUS a browser, is an opinion that only very very experienced and very very sophisticated developers would challenge too strongly and so loudly.
Period.
Alberto, unitedscripters dot com
How much of this surfing information is retrievable by Microsoft – will it be used in the New MSN search ALGOs?
["The CURI object is available for consumption by external callers like ActiveX controls and Browser Helper Objects;." ]
Netquik asked: "CURI = ?
Centralized Uniform Resource Identifiers ?"
My guess is that CURI is the class name of the object itself. ("C" is a standard prefix for classes.) In other words, it is the class that implements the IUri interface that is documented at: http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/reference/ifaces/IUri/IUri.asp
Give me a break Mr Alberto.
All the other browsers are the ones we need to blame?
I think you aren’t beeing fair!
What about the w3c Standards? The ones that IE DOESN’T follow?
What about security issues?
I’m Not a professional web developer, but since I discover and learn about the standards, I can see where MS did the wrong job, not following the standards and blaming other browsers, just like you did right now!
So don’t spread FUD and think after talk
PS 2 plus 2 is five (when you count wrong)
Goood Bye
I too am rather shocked and appalled that MS has just realized, in 2005, that OOP is the way to go. No wonder IE has had so many security problems. Do I dare ask what other common code is currently implemented dozens of times?
So, the 508 character URL limit is fixed now? (for Bookmarks)
If so, please post the new limit…
If not, please go back to your developers and give em a good kick.
Rick
<<EricLaw, even given unlikely ../ directories in absolute addresses, it is still not infinite if there is a practical limit to the length of URLs.>>
Hehe. I stand corrected. 🙂 I’ll refine my statement to be: There are somewhere in the neighborhood of ~40 ^ 2000 possible equivalent representations of a given URL.
(I misspelled minuscule, above. Oops.)
The Internet Explorer team talks about URLs in IE7, and what they’re doing to prevent spoofing as much…
Guys, could you add a setting to turn off SOUNDS in IE? It drives me insane that for the last however many years I have to listen to pages loading!!!
Whats wrong with the one that has been there for years?
In the same place every single other setting on windows is, strange enough – they put settings all in the control panel.
Start -> Control Panel -> Sounds and Audio -> Second Tab -> Either Edit the individual Sound on the bottom, or as I do, select the No Sound Scheme from the top drop down -> Click off on the stupid save/whatever alert that comes up after you hit apply -> Ok out
Done
I don’t understand why this align=justify does not work for text in IE. It works perfectly well in firefox 1.0 and above. IE developers, please try to see that this option works….
Pratap.
I wonder if it would be worth exploring the TinyURL paradigm and creating a local database of frequent and/or common URI’s and tagging them as a shortcut. This could work in conjunction with IDN’s.
Its been a while since my last post here. I guess Beta 2 work has been taking most of my time. But I…
All I know is they’d better fix it so when I type in any url starting with "ftp" like ftpsearch.ntnu.no, it doesn’t get all smart-retarded and open it with the ftp:// protocol. Dammit, Jim, it’s a browser, not an FTP client!
It’d be nice if I enter "blah.com:81" I don’t need to enter http://.
Please start fixing the URL length limit of 2083 (= 2048 + the length of "http://www.microsoft.com/index.html" ?), and support for data urls like data:image/jpg;base64 as well…
I’ve been round the blogverse and there are a lot of cool things being linked to. Seems a shame to have…
Хрень всё это. 😉
I recently found out that you’re not supposed to be able to use back slashes () in URLs, yet IE supports the use of them.
This was causing problems with a certain website I was making because the programmer had linked to everything with back slashes, and ofcourse the links didn’t work in Firefox.
Can you please rectify this problem so people don’t assume it’s ok to use backslashes for their websites?
"Can you please rectify this problem so people don’t assume it’s ok to use backslashes for their websites?"
I completely disagree. There is an old rule of programming when implementing specifications, be conservative in what you send, and liberal in what you accept. I believe IE is following that rule. I’d much rather bad code work in IE than not work because of standards conformance. IE is correct probably 99% of the time when it assumes the user meant to use a /, so why add needless difficulty? Instead, I’d be asking the Firefox people to add this feature!
So, will the classes controlling CURL’s be added to the .NET Framework?
Codemastr,
I believe that’s the sort of attitude that makes IE such a pain for designers and developers today.
There would be no need for rules and standards if they were just ignored all the time. By ignoring specifations you’re just making things more confusing; because how would you know if what you’re doing is correct?
I would rather have code that doesn’t work at all rather than code that sometimes works. If something didn’t work at all, at least you could fix it before it becomes a habit.
If a person repeatedly pronounced your name incorrectly would you not correct them?
Specifations are there for a reason, follow them!
Could you make no limitation to URL length. Because URL length limitation to 2048 characters my Website is only compatible with Firefox. Thanks.
this is a really welcome enhancement. Link: IEBlog : URLs in Internet Explorer 7. Internet Explorer 7 includes a new URL handling architecture known internally as CURI. The new optimized URI functions provide more secure and consistent parsing of URIs
‘I’m not quite ready to talk about IE7’s support for International Domain Names (IDN) yet’
whats soo secret??
(and why wasn’t there support in first beta)
<<<Could you make no limitation to URL length. Because URL length limitation to 2048 characters my Website is only compatible with Firefox.>>>
10 billion webpages get along just fine with URLs under 2048 characters. The RFC calls for 1024. What the heck are you doing? URLs this long are terrible for performance.
<<<There is an old rule of programming when implementing specifications, be conservative in what you send, and liberal in what you accept>>>
Alas, that’s from the good old days, back before security bugs took advantage of liberal interpretations. IE should lock this down.
This is related to the post titled "fragment portion of URI and IE7 history"
While you are at it, there are some other bugs related to the fragment portion of the url – namely adding a new fragment (hash) when there are none on the page, doesn’t create a history entry (I’m not sure if it should or not, but Netscape and Firefox both do), and when it changes, the change isn’t reflected in the location.hash property.
While you are at it, if you could add an event to fire when the fragment (hash) changes, that would really be helpful to AJAX/Flash developers – even if it is non-standard (you could always submit it to some freindly standards body).
And really pushing it, maybe you could add an event (ontarget) for items that are targeted by the new fragment (hash) that fires when the element gets targeted – it would be similar to how the element gets it’s style updated by the :target selector (if you plan to add that).
>> All IE7 is a knock-off version of FireFox, Netscape (owner of Mozilla, which created FireFox) has always been a better internet Browser.
Firefox is a knock of Opera who has had tabbed browsing, popup blocking, css compliance, skinned browsing, search bar, abilty to turn off styles, etc. etc. etc. for years. Long before Firefox even existed. Firefox has copied Opera is so many ways it’s rediculous. So, stop harping on Microsoft for copying Firefox because Firefox is only and Opera wannabe. By the way incorporating a feature that is not currently in your program to make it better, even though a compeditor has already done that, is not a bod thing. It shows you are keeping up with the times. Should we harang Microsoft because they are bettering their css support, saying "Microsoft is adding to their css … they’re copying Firefox’s css support." It would be ludicrous to say that, and so is harping on Microsoft because they are adding tabbed browsing. Firefox didn’t invent it and it isn’t the best browser out there. Get over it.
"codemastr: But then when to tell if I actually means https://blah.com:81"
You’re right. However, when I just type in "blah.com" it defaults to http. I didn’t specify a WKP, it just assumes I want http. I think that should always be the case. Unless I specify a WKP or explicitely specify a protocol, it should default to http.
Actually, to make it even better and to address both mine and M’s requests, what about making it configurable? IE apparently has some rules to determine "is this ftp?" "is this http?" what about making them user configurable. It could be like an Outlook rule.
Where the PORT is 81 use HTTP
Where the HOSTNAME begins with ftpsearch use HTTP
That’d be pretty cool if you ask me.
Why switching to Firefox is a good idea.
New Zero-Day IE Bug Can Give Attackers Control
By Gregg Keizer
Courtesy of TechWeb News
While an official patch isn’t available from Microsoft — making this a so-called "zero-day" exploit — several workarounds can be applied by users or administrators, said the ISC. The kill bit for the ActiveX component could be set, the .dll could be removed (although that, warned the ISC, might break some applications), or users could switch to another browser, like Mozilla’s Firefox, which doesn’t use ActiveX.
http://www.internetweek.com/showArticle.jhtml?articleID=169400405
Cheong: Running HTTPS on port other than 443 isn’t a good thing, because you can’t connect there via proxy.
codemastr: But then when to tell if I actually means https://blah.com:81
I think it’s right to assume protocols only on well known ports.
I noticed with IE7’s new history handling, using Back and Forward on fragment links no longer works.
Clicking a fragment link in a page no longer adds an item to the history, breaking that functionality.
Is it planned to re-add history for fragment links?
It is encouraging to see a mention of RFC 3986 (a.k.a. STD 66 – it is the first URI spec to reach full IETF Internet Standard status!). Conformance with the resolution and normalization rules of this spec will be very welcome.
On the W3C URI Interest Group mailing list, we’ve had several abortive attempts to settle on a new ‘file:’ URI spec. On the list I’ve occasionally mentioned and hoped to get some input and feedback from Microsoft regarding issues related to this — such as how UNC paths are mapped to and from ‘file:’ URIs (and your conventions & caveats re: ‘file:’ URIs in general); and what kind of URI normalization is performed by the Address Bar widget in Windows Explorer and Internet Explorer (and where the line is between what is done there and what is done in the resolver; the widget is lenient about what it accepts, and sometimes rewrites what you enter in it; what principles guide this normalization?).
A couple of MS folks do seem to be on the list (Alun Jones, Michel Suignard) but they remained focused on other issues. If possible, could anyone with an inside track at MS help us produce a ‘file:’ spec that reflects best current practice, if not also strives to provide better guiding principles for future implementations? Thanks
…Is there going to be anything done about the way IE steals focus from the address bar upon loading the user’s home page?
If you open IE, then start typing into the address bar, IE will suddenly steal focus, replace your typing with the URL of your home page, or, sometimes, just jump the cursor to the beginning of the line, leaving you typing URLs that come out as
gle.comhttp://www.goo
In my opinion, the very fact that the address bar has focus and has had recent typing activity means that IE has no business tinkering with the control focus or the contents of the address bar.
It’s more than a little irritating.
Dear mr. Alberto, thank you for calling me and many other readers here very very experienced and very very sophisticated. I feel honored.
But please, you too can educate yourself. Simply look at microsofts list of bugfixes they are now going to release with IE7 (http://blogs.msdn.com/ie/archive/2005/07/29/445242.aspx) for confirmation and learn more about its deeper, current mysteries at http://www.positioniseverything.net/ie-primer.html and http://www.satzansatz.de/cssd/onhavinglayout.html.
Read up and come and join us at our side of the fence 😉
An encapsulated URL class that controls all aspects of URL can also help the server side URL parsing. I recall there are several URL parsing related vulnerabilities with older IIS, some are national language related.
I am wondering what would be the next architectural change in URL handlers. Previous comments request support for data: URL. I am actually wondering whether javascript: URL would receive a different treatment, since this is inherently more dangerous than just showing some text or image. I am guessing maybe a URL scheme based policy can help, and probably the proper URL permissions/origins can be propagated along all code path.
From a secure software architecture viewpoint, the CURL is a great improvement. Good job!
EricLaw, even given unlikely ../ directories in absolute addresses, it is still not infinite if there is a practical limit to the length of URLs.
1. ChrisH: No need to convert your relative hyperlinks to absolute; the efficiency savings would be miniscule, you’d have to transfer more bytes over the wire, and it would cause problems if you ever wanted to change your root domain.
2. Brianiac: Actually, the equivalent set is infinite. http://www.example.com/1/../ == http://www.example.com/2/../, etc.
3. Peter: You can turn off sounds using the Control Panel.
Alberto, here is an article that will bring you up to speed:
http://www.howtocreate.co.uk/wrongWithIE/
Guys, could you add a setting to turn off SOUNDS in IE? It drives me insane that for the last however many years I have to listen to pages loading!!!
so, is CURI the reason why Navigate() now fails
on IWebBrowser2?
i’m guessing i’ll have to put the url inside
a CURI object.
in order to prepare for IE7,
us developers will need some details on CURI.
Is it a feature of IE6 that relative https: links don’t work i.e. https:newpage.htm won’t be cracked at all?
PingBack from http://molewall.wordpress.com/2006/05/03/chinese-url/
PingBack from http://www.netcrucible.com/blog/2005/11/07/a-change-in-uri-parsing-between-ie7-and-ie6/
PingBack from http://www.thepraveen.com/internet-explorer-7-for-windows-xp-available-now/
PingBack from http://uberchurchtech.wordpress.com/2006/10/19/church-geek-links-10-19-06/
PingBack from http://www.vsnetwork.co.uk/2006/10/18/internet-explorer-7-final-released-today.html
PingBack from http://invaleed.wordpress.com/2006/10/19/internet-explorer-7-for-windows-xp-available-now/
PingBack from http://arai.wordpress.com/2006/10/19/internet-explorer-7-released-for-windows-xp-and-windows-server-2003/
Its been a while since my last post here. I guess Beta 2 work has been taking most of my time. But I
PingBack from http://stylegrind.com/ie-7-released/
PingBack from http://ekrishnakumar.wordpress.com/2006/10/22/internet-explorer-7-for-windows-xp-available-now/
PingBack from http://www.jasonruyle.com/2006/10/18/internet-explorer-7-released/
PingBack from http://www.ie7security.net/2007/01/11/url-handling-in-internet-explorer-7/
IE7 js: URL problem? I messed up, and now I’m trying to fix it, and am also seeking anecdotal info you may have on whether Microsoft Internet Explorer 7 changes the way that "javascript:" URLs are handled when requested in ActiveX Controls. In an old
One of the benefits of creating a new URI parsing API for IE7 was that we were able to more easily add
Reformed Adult Webmaster Reveals Cutting-Edge Marketing Secrets
A friend just showed me this brilliant Heartburn and Acid reflux website that gives you great tips
If you’re looking cure your acid reflux, then this blog has some excellent tips!
PingBack from http://www.vistadownload.org/ie7/curi-improves-url-handling-in-ie7.html
PingBack from http://www.sitepoint.com/blogs/2008/11/21/why-the-data-uri-scheme-could-help-save-your-slow-site/
PingBack from http://www.hilpers.it/1503595-ie7-include-una-nuova-e
PingBack from http://www.baby-parenting.com/baby/babyname/Keizer
PingBack from http://isharethepoint.com/?p=593
PingBack from http://paidsurveyshub.info/story.php?title=ieblog-urls-in-internet-explorer-7
PingBack from http://woodtvstand.info/story.php?id=10579
PingBack from http://uniformstores.info/story.php?id=447
PingBack from http://uniformstores.info/story.php?id=14436
PingBack from http://workfromhomecareer.info/story.php?id=19088
PingBack from http://www.ostreff.info/?p=415
PingBack from http://fixmycrediteasily.info/story.php?id=845