I have been slacking in the posting department during my recent travels. RC2 shipped last week, while I was in NYC. Others have spoken about it. I will describe briefly what changed wrt pop-up blocker.
But first a warning: everyday we have an internal build of RC2. Everyday I install the latest build on my test machine. This process causes minor changes to all blur together in my head. If I need to know when something specific happened, I can look in the source logs. I am, however, going to write this from memory, so I might get minor details wrong.
Registry Values and Levels
The various aspects of pop-up manager are controlled by values in the registry under HKCU\Software\Microsoft\Int ernet Explorer\New Windows. The registry values are all dword values, unless noted. Values are all either 0 or 1, unless noted.
PopupMgr - Whether the pop-up blocker feature is enabled or not. This is the checkbox on the privacy tab of the Internet Control Panel.
PlaySound - Whether or not a sound should be played when a pop-up is blocked. This sound is set in the Sound Control Panel.
ApplyToWebOC - Applications hosting the webbrowser control only get pop-up blocking if they opt in. This forces pop-up blocking on non-opted-in apps when true.
UseSecBand - Whether or not pop-up blocker notifications should appear in the Information Band.
AccUserInitOnClick - Turns off or on an app compat work-around for some Accessibility Aids. This is on by default.
Balloon - Set when the balloon notification has been shown. Not a very interesting value, listed here for completeness.
BlockHTMLDialogs - Whether or not to treat HTML dialogs as pop-ups.
UserInitTimeout - Number of ms in the timeout period when the UseTimerMethod value is set (see below).
The biggest changes for SP2 is the creation of multiple levels of pop-up blocking. This is visible in the advanced pop-up blocking settings dialog (Tools->Pop-up Blocker->Pop-up Blocker Settings...). The levels are high, medium and low. The text descriptions of the levels were limited by the size of the box and the length of the text when localized to languages such as German. I will provide more details. The levels are pre-set combinations of the following values. Please note, these may change between now and the final release of SP2.
BlockUserInit - Whether or not to block windows deemed to be the result of a user initiated action. When on, pop-up blocking is hardcore. Default is off.
UseTimerMethod - Whether or not to use a timer to detect user initiated actions. Some sites do things asynchronously to mouse clicks... mostly sites where you submit data which results in a popup.
UseHooks - Whether or not to hook messages going to ActiveX controls. If this is false, then the control may not be able to open a new window.
AllowHTTPS - Whether or not to blindly allow pop-ups from sites using https.
The default values are High: T,F,F,F; Med: F,F,T,F; Low: F,T,T,T.
If you go change one setting by hand and it does not match the template for any of those levels, the level will show as “Custom” in the settings dialog.
The only other key to note is the Allow subkey. This is just a list of domains in the whitelist.
Script Debugging in IE
When a suitable script debugger is installed, and the user visits a site that causes a script error, IE has traditionally provided a “Do you want to debug?” prompt. This is controlled by a registry setting and has generally been off by default, but installing other applications could cause this to become enabled. Most users would really rather not see this prompt. To that end, the old setting got renamed to “Disable Script Debugging (Other)” and a new setting was created “Disable Script Debugging (Internet Explorer)”. Apps hosting the webbrowser control to do web page design can still use the old setting to enable script debugging in their app without the average end user having to see this prompt. Developers can also enable debugging in IE by enabling the new setting. These settings are in the Internet Control Panel's Advanced tab (Tools->Internet Options->Advanced), under the Browsing sub-heading.
App and Site Compat
We did a lot of work balancing the effectiveness of pop-up blocker with not breaking existing sites. As always, there are trade-offs here. Frequently in SP2 we have chosen security/privacy over compatibility, which is why we introduced the levels in pop-up blocker. The levels provide a quick and easy way to chose where you want to be in the compat trade-off arena. The default is medium. If you find some really egregiously broken sites, please feel free to post them here. I will probably not be able to respond to post responses, but we will look at all of them.
Misc UI Bug Fixes
I fixed a lot of UI bugs, mostly related to menu state. The layout of the menus changed a bit. In retrospect, this is not very interesting to talk about.