Brain Dump: International Text

Note: The “brain dump” series is akin to what the support.microsoft.com team calls “Fast Publish” articles—namely, things that are published quickly, without the usual level of polish, triple-checking, etc. I expect that these posts will contain errors, but I also expect them to be mostly correct. I’m writing these up this way now because they’ve…

1

Enhanced Protected Mode and Local Files

Ordinarily, Internet Explorer loads local HTML files in the Local Machine Zone. Locally-loaded HTML files are subject to the Local Machine Lockdown feature which prevents pages from running active content like JavaScript or ActiveX controls, showing the following notification: In order to avoid this lockdown, many local HTML pages will contain a Mark-of-the-Web (MOTW) which…

2

Authenticode, HTTPS, and Weak RSA Keys

Over on the Microsoft PKI blog, there’s some important information about upcoming changes for website operators who use HTTPS or deploy Authenticode-signed applications or ActiveX controls. Weak RSA Keys Blocked To briefly summarize the PKI team’s post, a security update coming to Windows 2008, Win7, Windows Vista, Windows 2003, and Windows XP in August 2012…

7

The Intranet Zone

Internet Explorer maps web content into one of five security zones. After the Local Machine Zone, the Local Intranet Zone is probably the most misunderstood of the Zones, and is a common source of confusion and compatibility glitches. Mapping into the Local Intranet Zone For the Trusted and Restricted Sites zones, Zone Mapping is simple….

10

Brain Dump: Random Tidbits

This post contains random IE-related tidbits for which there’s either not enough material or time to write a full post. I expect to revisit and expand this list from time to time. Case-Sensitivity in Cross-Frame Scripting of File URIs Same-Origin-Policy controls how script running in web pages may interact with other pages. Normally, in IE,…


Please Stop Polluting

When I surf the web, I almost always have Fiddler running, and as a consequence I see a lot of “hidden” pollution in pages. Much of this cruft has built up over the years, copied from site to site, probably with little critical thought about its necessity. Please remove any META tags you have that…

4

Use IMG tags only for Images

First, a bit of background. When web developers are optimizing the performance of their sites, often they try to use their homepage to pre-cache resources that will be used on later pages. They might do so by kicking off “pre-fetch” resource downloads after the content required by the homepage itself has downloaded. It turns out…

8

Building Custom Search Providers for IE’s Search box

When the Internet Explorer team first introduced the Search Box next to the address bar in IE7, we also introduced an easy way for users to install search engines offered by websites that they visit. Users who want to add a site’s search engine to the browser’s search box can do so with just two clicks. Building a Search Provider XML…

7

Same Origin Policy Part 2: Limited Write

In Part 1 of this series, I described how Same Origin Policy prevents web content delivered from one origin from reading content from another origin. (If you haven’t read that post yet, please do start there.) In today’s post, we’ll look at what restrictions are placed on writing between origins. What is a “Write”? For…

4

Pushing the Web Forward with HTTP/308

Recently, the IESG approved publication of a new Internet-Draft defining the HTTP/308 status code (Intended Status: Experimental). This status code is defined as the “Permanent” variant of the existing HTTP/307 status code. Recall that HTTP/307 was defined back in 1999 to remove the ambiguity around the HTTP/301 and HTTP/302 redirection codes, for which many user-agents would change…

1