Authenticode and Weak Certificate Chains

Recently, someone attempted to download a deprecated version of the Windows Script debugger. This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me when they encountered a very surprising outcome: After clicking the Run button, the…

6

Swapping out JQuery with Fiddler

This morning, someone asked me to look into a site-compatibility problem on a HTML5 demo site. When loading the site into IE9 and IE10, the F12 Developer Tools’ Script Debugger showed the following error: Now, obviously, IE does support getElementsByTagName, and I confirmed that the page is running in IE9 and IE10 Standards Modes in…

1

HTTP Methods and Redirect Status Codes

This crossed my Twitter stream earlier today: I’m not sure why we need a public service announcement to notify folks that Internet Explorer is behaving properly, but I guess there’s no harm in that. However, based on the lack of information provided, and the implication that this is surprising, I think the original actually poster…

9

Sharpen the Saw

Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in cash, kids, this was before credit cards got popular) and you’d get your cardboard box…

6

Internet Explorer 9.0.2 Update

Tuesday’s Update for Internet Explorer updates the IE9 Help > About dialog’s version number to v9.0.2. The update includes a number of security and functionality fixes; many of these fixes are described in the More Information section of KB2559049. One fix enables the IE9 Download Manager to properly save files on network drives where the…

15

Please don’t make XHR run in synchronous mode

The Windows Error Reporting team reports that 8.4% of all hangs in IE9 in the past month are caused by XMLHttpRequest objects blocking the UI thread with a synchronous request. http://blogs.msdn.com/b/wer/archive/2011/08/03/why-you-should-use-xmlhttprequest-asynchronously.aspx If your page uses XHR in synchronous mode, your first thought should be “I’m doing something wrong.” For a live example of why you shouldn’t…

6

Default Integrity Level and Automation

Over on StackOverflow, danimajo asked for help in an interesting scenario. Basically, he’s trying to drive Internet Explorer through automation, but finds that when he navigates to an Intranet site, the hidden browser instance appears and he can no longer control it. What’s going on? Background on Protected Mode Internet Explorer’s Protected Mode is a…

18

Best Practice: Get your HEAD in order

To ensure optimal performance and reliability when rendering pages, you should order the elements within the HEAD element carefully. First, I’ll explain the optimal order, and then explain the reasoning for this structure. Optimal Head Ordering <doctype>     <html>         <head>             <meta http-equiv content-type charset>              <meta http-equiv x-ua-compatible>             <base>             <title, favicon,…

19

Understanding Protocols

For over a decade, Internet Explorer has enabled developers to extend the browser with new URL protocol schemes. These protocols can be one of two types: Asynchronous Pluggable Protocols – COM objects that implement the IInternetProtocolRoot interface and return content to URLMon, usually for rendering content inside of Internet Explorer or Web Browser controls Application…

6

Integrated Windows Authentication

Inside Internet Explorer’s Tools > Internet Options > Advanced dialog, there’s an option named Enable Integrated Windows Authentication: This preference is stored using a REG_DWORD named EnableNegotiate inside HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. When set to 0x1, Negotiate is enabled. From time to time, users have asked what this option does and why they’d ever want to adjust…

3