Displaying tfeL-ot-thgiR Scripts – Can your computer handle it?


If you plan to use Complex Scripts (like Arabic, Hebrew, Thai, etc), you should ensure that you have support for complex scripts installed. I know that sounds obvious, but we wanted to make sure people know how and why to do this. Let us examine this in detail using an international URL issue that Dean recently encountered while dogfooding IE7.

What is the issue?

Internet Explorer will sometimes display Right-to-left (RTL) languages such as Arabic or Hebrew, in the address bar in left-to-right (LTR) order. Due to IE’s IDN homograph-spoofing mitigation; this would be an issue only for users who have that language in their language settings (otherwise navigating to an international URL will display the hostname as punycode). Still, this is a genuine customer scenario that should just work. For example, consider a Hebrew URL:
http:// gimel beth aleph dot com

This would show up in the address-bar as http://xn--4dbcd.com by default. But a user with Hebrew in their accepted-languages might see:

http:// aleph beth gimel dot com

We found it very surprising that such an important issue was not reported widely during Beta 1 and Beta 2, so we wanted to dig a little deeper.

What did our investigation reveal?

This happens only on machines where support for complex scripts is not installed. Complex Scripts are those which require contextual processing for display, editing, and other functions, such as:

  1. Bi-directional (BiDi) reordering (e.g. Arabic, Hebrew)
  2. Contextual shaping (e.g. Arabic, Indic family)
  3. Display of combining characters (e.g. Arabic, Thai, Indian)
  4. Specialized word-break and justification rules (e.g. Thai)
  5. Disallowing illegal character combinations (e.g. Indian, Thai)

IE’s address bar uses the Windows EDIT control which uses GDI to display characters. When support for complex scripts is not installed, GDI can just map a given Unicode codepoint to a glyph and display it, but can’t do context-specific stuff like changing the order or shape of characters. All this language specific complexity is handled by Uniscribe, which is installed when you install support for complex scripts. Inside the browser, of course, we support all these scripts ourselves, regardless of whether the Windows EDIT control support is installed – the problem only occurs in the address bar.

Who does this issue impact?

You can run into Unicode URLs incorrectly displayed in the address bar if:

  1. You are running a non-complex-language build of Windows XP/Server 2003, such as an English build. Uniscribe support is always installed on complex-language-builds of Windows XP/Server 2003. Windows Vista always has this support installed.
  2. You have not added support for input in any complex language using the system control panel. The complete support is installed if you install support for any complex script input.
  3. You have that particular complex/bidi language in your accepted-languages. As I mentioned above, if the language is not added to your accepted-languages, you’ll just see punycode in the address-bar.

We have not seen any bug-report mentioning this, and do not think this is an issue that a typical user of complex scripts would run into.

How can you fix the issue?

If the description above matches you, or if you just want to play it safe, you should install complex script and RTL languages support. This not only corrects the IE behavior, but will give you a more consistent experience when using complex scripts in other components and software running on Windows XP.

Go to “Control Panel-> Regional and Language Options” and check the setting shown below. You’ll need the Windows XP CD and will need to restart.

Right-to-Left language Settings

Feedback?

Comments and feedback are welcome! Make sure you try out IE7 Beta 3!

-Vishu Gupta
Developer

Comments (42)

  1. IE ass says:

    That’s fine since I know nothing about Arabic. 🙂

  2. tm says:

    I browse to RTL websites and I have experienced this problem. However, i just thought it was an "unimplemented" feature. I didn’t think enough people in the world cared about it for you to actually fix it. I’m glad to know that it is supposed to work and I’m happy to see you provided me with exact steps on how to make it work. Now it works like a charm! Thank you.

  3. brion says:

    I’ve always been rather curious why this text rendering support isn’t simply installed by default.

  4. Drew says:

    I have noticed that when using Internet Explorer Beta 3, it is much better about displaying websites, but there are still some very frustrating to use.

    http://www.facebook.com is a very popular site used by college students. However, the pages are often displayed oddly with pictures or words not lined up properly, and instead off to the right or left of the screen.

    Sometimes they are impossible to figure out because they scatter all over the screen. This happened with IE 7 BETAs 1 and 2 as well, but to more of an extent. There are other pages too where words or things are scattered and it’s almost like the frames on the page are messed up.

    Help?

  5. michkap says:

    Hello brion,

    It is turned on by default in Vista. As hinted at in http://blogs.msdn.com/michkap/archive/2005/05/27/422458.aspx over a year ago!)

  6. What I’d like to see is BOM removed from UTF-8 notepad based files for Vista.  I can’t find ~ANY~ UTF-8 editor that can display all the various langauges I’ve got translation links for on my site on a single file like Notepad but BOM screws up the browsers somehow.

  7. One of the reasons no-one has opened bugs about Hebrew rendering errors in URLs is that there are very little, if any, URLs in Hebrew. 🙂

    In this wondrous age of Unicode it may be possible to have Hebrew characters in URLs, but this is a relatively new occurence. Most Hebrew-speaking computer users are only slowly warming up to the concept of a filesystem that supports Hebrew characters (though that’s been available for years) and recovering from such catastrophes as backup software that ignores Hebrew-named files.

    Given all that, do we trust all DNS servers to properly store Hebrew names for addresses? Sorry, no. Not quite yet.

    I don’t know what the situation is like for other RTL/complex scripts, though. English teaching in Israeli schools may not result in perfect English speakers, but it gives most people enough to understand English URLs. 🙂

  8. Murat KANIK says:

    i found another issue and it might be related with this. I use turkish chr set and if i type a wrong address like http://www.mıçrosoft.com by using turkish chrs. it just locks the IE 7.

    do you have any suggestion other than trying to type carefully 🙂

  9. Ofir says:

    my viev it good and i see the window of IE7 in right to left because i from israel and i speak hebraw so my IE7 is fiffrent but because that the symobls upsude to and this is anuing.

  10. EricLaw [MSFT] says:

    @Avener Kashtan: International domain names are stored using Punycode, which is plain ASCII.  Hence, there’s no need for a DNS server to handle Hebrew, because as far as it’s concerned, it’s just responding to an ASCII address that starts with xn--.  

    We expect that International Domain Names will become increasingly popular as IE7 is deployed worldwide.

  11. matrix says:

    http://channel9.msdn.com/ShowPost.aspx?PostID=212952

    Security hole,or what ?

    Work on IE7 Beta 3.

  12. EricLaw [MSFT] says:

    @Matrix: This is a (rarely used) feature, and it’s a real stretch to call it a "hole".  In order to exploit this, a bad guy would have to be able to drop his code on your desktop.  If he can do that, there are far more interesting things he could do instead.

    Note, it’s this same feature that allows you to type the name of one of your Favorites in the address bar and have it navigate.

  13. An article that anyone who ever thinks about right-to-left scripts can be seen in IEBlog, it is entitled…

  14. m1t0s1s says:

    Anybody seen this:

    http://en.wikipedia.org/wiki/Internationalized_domain_name#Spoofing_concerns

    The actual site is:

    http://web.archive.org/web/20050211033410/http://www.xn--pypal-4ve.com/

    though since the site is down now, it probably won’t display it since it’s only for the domain.

  15. Abhijit says:

    Hi,

    I have been trying to find a way to enable script debugging in IE but it just doesnt seem to work. I have just installed IE7 B3 after uninstalling B2 but the same problem continues.

    I uncheck the disable script debugging checkbox in the options and fail to get teh view->script debugger option. Nor does the control break at debugger; statement

    CAn you please help?

    Abhi.

  16. Dileepa P says:

    This webpage is causing 99% CPU usage. IE stops responding after this page completely loads.

    http://www.expressindia.com/fullstory.php?newsid=70717

  17. Steve says:

    >This webpage is causing 99% CPU usage. IE stops

    >responding after this page completely loads.

    >

    >http://www.expressindia.com/fullstory.php?newsid=70717

    Not for me Dileepa. The page takes a fair few seconds to load, but task manager shows the CPU not going beyond 30% (and this is only a 1GHz processor).

    It does however show:

    Internet Explorer could not open [url].

    Operation Aborted.

    in an error messagebox. Whatever that means!

    Steve

  18. Eirik says:

    After loading IE 7 (worked fine) my software

    for HP-printer/scanner did not work anymore.

    Uninstalling HP and reloading a newer version

    resulted in loss of many XP-functions.

    Reason was that uninstalling HP stopted many

    services in XP.

    I tried several times with new-installing XP,Works,Norton,upgrades, etc.

    Installing HP kept proper working until IE 7was

    installed,after de-installing IE 7 everything,

    XP etc, kept proper working.

    I dont dare anymore to uninstall HP so IE 7

    remains remains a wish.

    PS:HP means a PSC1315 with old and new software

    both with all updates.

    Probably Vista can give the same results.

  19. Dileepa P says:

    It still does for me:

    In my hurry to post it here, I left out a few impt details:

    IE7 B3 on Windows XP SP2 (all the latest patches). The system has both Office 2K and Office 2007 B2. And WMP11 Beta. And Yahoo Messenger 8 Beta.

    And it happens everytime I open the URL:

    http://www.expressindia.com/fullstory.php?newsid=70717

  20. EricLaw [MSFT] says:

    @m1t0s1s: Yes, everyone working on the IDN feature has read the background on the Paypal spoof which is referenced in the Wikipedia article.  Mitigating spoofing concerns was the primary design goal for our IDN implementation.

  21. blah says:

    how useless… this "new" internet explorer is just a copy off of firefox

  22. Tony Black says:

    My friend uninstalled beta 3 so he could install beta 4, He’s a msdn subscriber, and his computer crashed… it was almost a total loss, but i was wondering if there was a patch or was it a 1 in a million thing? I have my backup ways and everything but i don’t really want to re load my computer…

    Plz e-mail me or something at lttony1990@sbcglobal.net

  23. hmmmm says:

    when you have an url in your favorites that has a long description…it stretches your favrorites menu which is normal…but when you delete it it doesn’t shrink back to the size of the next biggest link…until you restart ie.

  24. There is a traitor amongst the Microsoft ranks.

    http://blogs.msdn.com/ryanrogers/archive/2006/07/08/660423.aspx

    He eschews the American Dream of profit and competition, and actually wants to EMULATE and LEARN from the slothful, disgusting fat libearl Mountain-Dew guzzling Democ-rat open source hippies.

    Please fire him.

  25. Sandro says:

    This is not a comment about Displaying tfeL-ot-thgiR Scripts, It’s a request.. sorry for that but I can’t find any other way to contact you.

    Could you release an Internet Explorer 7 wallpaper?(based on http://www.ieaddons.com/ background) It’s very beautiful. Thanks and sorry again.

  26. andrez@cox.net says:

    IE7 Beta 3 does not view pdf

    The security pop-up does not have an option to disable the pop up if security is set to customer satisfaction

  27. Rakesh says:

    I think IE7 rocks!

  28. zwq says:

    Does anybody know how to send feedback for the Windows Media Player 11 version. I just can’t find the place.

  29. Daemon007 says:

    Hey Good job Bill gates ! 😉

    IE 7 is kool.

    I love the way u make life so easy for all of us. Its a pity there are a lot of critics around as well.

    Could the development team please hide the URL which is now visible in pop ups. I wouldnt want my users to see the URL. They might just copy and play with it.

    Thanx

    Daemon007 [XBOX 360 Id]

    Name: Rohit Kumar

  30. EricLaw [MSFT] says:

    @Daemon007: One of the things that the industry has learned over time is that security through obscurity simply doesn’t work.  Even if the Address bar is hidden, you wouldn’t be able to stop folks from using a HTTP Debugger (e.g. http://www.fiddlertool.com) from sniffing the secret URLs and playing around with them.

  31. 33333333 says:

    EWAEEWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE3333333333333333333333333333333333333333333444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

  32. 33333333 says:

    EWAEEWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE3333333333333333333333333333333333333333333444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

  33. 33333333 says:

    EWAEEWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEERRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRREEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE3333333333333333333333333333333333333333333444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR444444444444444444444444RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

    RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR

  34. John says:

    I just installed Norton Internet Security 2006 on my Win XP Pro P4 computer and am getting an error message when I open the AntiSpam section.  The error message reads:

    Internet Explorer Script Error

    Line:  15

    Char:  1

    Error:  Object expected

    Code:  0

    URL:  res://C:ProgramsCommon DataSymantec SharedAntiSpamas.Res.LOC/nasstatus.htm

    Do you want to continue running scripts on this page?

    Yes  No

    After searching the Symantec Database, I tried re-installing the MS Scripting Host 5.6 but that didn’t solve the problem.  I tried de-installing and re-installing NIS but that also didn’t work.  The AntiSpam section of NIS shows all parts in the status of "Refreshing" but it seems to be stuck there.  Does anyone know of a possible solution?

    Thanks,

    John