Simon Willison’s Weblog

Internet Explorer Platform Preview Guide for Developers (via) Lots of SVG and CSS3 stuff, no mention of canvas here either though. 16th March 2010, 6:36 pm

An Early Look At IE9 for Developers (via) Surprisingly, no mention of SVG or canvas and only a note in passing about HTML 5. 16th March 2010, 6:11 pm

Internet Explorer: Global Variables, and Stack Overflows. An extremely subtle IE bug—if your recursive JavaScript function is attached directly to the window (global) object, IE won’t let you call it recursively more than 12 times. 2nd March 2010, 9:21 am

Internet Explorer Cookie Internals (FAQ). Grr... IE 6, 7 and 8 don’t support the max-age cookie argument, forcing you to use an explicit expiry date instead. This appears to affect the cache busting cookie pattern, where you set a cookie to expire in 30 seconds for any user who posts content and use the presence of that cookie to skip caches and/or send their queries to a master instead of slave database. If you have to use expires, users with incorrect system clocks may get inconsistent results. Anyone know of a workaround? 26th February 2010, 12:25 pm

Deep Tracing of Internet Explorer. dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of. 18th November 2009, 8:06 am

More technical details about Google Chrome Frame. It’s implemented as a Browser Helper Object, uses IE’s cookies, history and password-remembering, includes the WebKit developer tools and appends “chromeframe” to the regular IE user agent string—though not apparently the Chrome Frame version itself. 23rd September 2009, 10:20 pm

Introducing Google Chrome Frame. Here’s what Alex Russell has been up to at Google: An IE plugin (for 6, 7 and 8 on all Windows versions) which embeds the Google Chrome rendering engine—sites can then opt-in to using it by including a X-UA-Compatible meta tag. Seems to be aimed at corporate networks which mandate IE for badly written intranet applications—they can roll this out without retraining users to use another browser or breaking their existing in house apps. 23rd September 2009, 9:57 am

Microsoft backs long life for IE6. Oh FFS... “The software giant said it would support IE6 until 2014—four years beyond the original deadline.” 14th August 2009, 2:53 pm

Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments. 17th April 2009, 4:12 pm

cufon. A promising alternative to sIFR, cufon uses VML on IE and canvas on other browsers to render custom fonts in the browser. You have to convert your font to JavaScript first, either using their free hosted tool or by installing the FontForge based server-side script yourself. The JavaScript encoded font file uses VML primitives to improve IE performance; the JavaScript library converts that to canvas calls for other, faster browsers. 6th April 2009, 10:29 pm

Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet. 19th March 2009, 3:30 pm

Fixing IE by porting Canvas to Flash. Implementing canvas using Flash is an obvious step, but personally I’m much more interested in an SVG renderer using Flash that finally brings non-animated SVGs to IE. 15th March 2009, 1:34 pm

Ehy IE8, I Can Has Some Clickjacking Protection? (via) IE8 has built-in protection against clickjacking, but it’s opt-in (with a custom HTTP header) and IE only. It turns out the usual defence against clickjacking (using framebusting JavaScript) doesn’t work in IE as it can be worked around with a security=“restricted” attribute on an iframe. 29th January 2009, 1:39 pm

Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited. 16th December 2008, 8:26 pm

The March of Access Control. The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs. 19th November 2008, 8:40 am

On UI Quality (The Little Things): Client-side Image Resizing. Two neat tips for cleanly scaling down images in IE 6 and 7 from Flickr’s Scott Schiller. 12th November 2008, 11 pm

Obscure bugs revisited: IE, HTTPS and plugins. Filed for future reference: IE breaks mysteriously if you serve it up plugin content (e.g. Flash) over HTTPS with a no-cache header—it deletes the file from cache before the plugin software gets a chance to open it. 30th May 2008, 9:54 am

Reading binary files using Ajax. There’s a simple trick for Firefox, and (amazingly) you can get IE to play along using a function written in VBScript. 22nd April 2008, 7:02 pm

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types. 14th April 2008, 8:18 am

CSS Compatibility and Internet Explorer (via) Official Microsoft guide to which CSS properties are supported by which versions of IE. This is the kind of documentation browser vendors should be providing as a matter of course. 2nd April 2008, 8:05 pm

Gears 0.2 Released! New modules are HttpRequest and Timer, both for use within workers (which provide Erlang-style message passing concurrency). Particularly interesting is that the Gears HttpRequest module can be used for much cleaner Comet implementations in IE. 5th March 2008, 12:21 am

Jash: JavaScript Shell (via) An advanced JavaScript interactive shell bookmarklet that works in IE, Firefox, Opera and Safari. 9th December 2007, 12:36 pm

Conversation with Bill Gates about IE8 and Microsoft Transparency. Molly asks the tough questions about IE8—it looks like there should be a lot of IE8 material at MIX08 next year. 6th December 2007, 11:47 am

Transparent PNGs in Internet Explorer 6. 24ways kicks off again, with the first article introducing super-sleight, an updated script for getting transparent PNGs to work in IE6. 1st December 2007, 12:03 am

DebugBar. Suggested at BarCamp London 3 as a useful tool for developing with IE; apparently includes a great JavaScript debugger. 25th November 2007, 10:32 am

IE ActiveX(“htmlfile”) Transport, Part II. Fascinating tricks for working around IE memory leaks using explicit CollectGarbage() calls and setInterval() to an empty function. 19th November 2007, 11:48 am

Using multiple classes within selectors. Pretty much definitive guide to using multiple classes in a CSS selector, including problems with IE 5 and 6 and one way of addressing them using conditional comments. 11th November 2007, 11:07 pm

Global namespace pollution in IE. Another reason to avoid JavaScript global variables like the plague: IE creates a bunch of them for you which may well intefere with your own code. 10th October 2007, 10:10 am

Seeking market share, Microsoft removes WGA anti-piracy check from IE7. Hopefully this will accelerate the rise of IE7 over IE6. 5th October 2007, 11:55 pm

DOMContentLoaded for IE, Safari, everything, without document.write. Stuart has taken Hedger’s recent IE technique, combined it with the others and compressed it in to a short-as-possible code snippet that you can paste in to your scripts without having to include the whole of jQuery/YUI/Dojo/Prototype. 26th September 2007, 12:19 pm

IEContentLoaded. An alternative method of detecting DOMContentLoaded on IE; works by polling until the doScroll() method on an unattached element stops throwing errors. 24th September 2007, 12:10 pm

HTTPOnly cookie support in Firefox. Five years after the bug was filed, HTTPOnly cookie support has gone in to the Mozilla 1.8 branch. This is a defence in depth feature that has been in IE for years—it lets you set cookies that aren’t available to JavaScript, and hence can’t be hijacked in the event of an XSS flaw. 6th September 2007, 6:27 am

Operation Aborted. Another fantastically obscure IE bug: appending new elements to the HEAD element breaks if a BASE tag is present. 16th August 2007, 11:21 am

Background Iframe (bgiframe). jQuery plugin that inserts an iframe shim behind an element in IE, allowing the element to be positioned overlapping a select box without the select box showing through. 9th August 2007, 2:54 pm

Brendan Eich: New Projects. Exciting new projects from Mozilla. ActionMonkey is joined by IronMonkey (IronPython/IronRuby on Tamarin) and ScreamingMonkey (Tamarin for IE). Upgrading IE’s JavaScript using the Flash Player as a vector is a game-changing idea. 26th July 2007, 8:05 pm

Conflicting Absolute Positions. Neat technique, although it uses CSS expressions for IE compatibility so it may break down in IE 5 and 6 when JavaScript is disabled. 17th July 2007, 10:44 pm

Gaping holes exposed in fully-patched IE 7, Firefox (via) Michal Zalewski released a new Firefox 2.0 vulnerability in addition to the IE cookie stealing one. 6th June 2007, 9:57 am

IE vulnerability allows cookie stealing. Full exploit against the same-domain cookie origin policy, so malicious sites can steal cookies from elsewhere. Avoid using IE until this is patched. 6th June 2007, 9:53 am

JavaScript Minifier that doesn’t break code (via) Perl re-implementation of Douglas Crockford’s classic JSMin that doesn’t clobber IE’s conditional comments, by Peter Michaux. 4th June 2007, 5:44 pm

How to debug JavaScript with Visual Web Developer Express. Microsoft’s best kept secret: a decent free debugger for Internet Explorer that doesn’t require you to install Microsoft Office. 2nd May 2007, 2:06 pm

Internet Explorer Application Compatibility VPC Image (via) Microsoft have made free VPC images of IE 6 and IE 7 available for testing, but they expire in August. 20th April 2007, 4:47 pm

Avoid IE Brokenness When using Vary and Attachments (via) Django middleware that works around a bug in IE where external applications fail to load content that was served with a Vary header. 9th April 2007, 9:41 am

IE and 2-letter domain-names (via) IE won’t let you set a cookie on XX.YY, where YY is anything other than .pl or .gr. Other browsers have better exception lists. 15th February 2007, 12:33 am

IE JScript Performance Recommendations Part 3. Once again, Microsoft’s official advice is to avoid closures entirely rather than learn how to use them safely. Sigh. 9th January 2007, 11:48 am

Using hasLayout to fix bugs in IE. With illustrative screen shots. 2nd December 2006, 2:10 pm

Zero-Day Exploit Targets IE (via) Remote code execution. No patch yet; disable Active Scripting instead. 22nd November 2005, 6:24 am

Internet Explorer 7. It’s been announced, but the stated focus is security and anti-phishing. No news on improved CSS. 15th February 2005, 7:04 pm

IE in Windows XP SP2. An overview of the new security changes. 10th August 2004, 7:39 pm