Simon Willison’s Weblog

Blogmarks tagged ie8, internetexplorer

Filters: Type: blogmark × ie8 × internetexplorer ×


IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0). # 3rd July 2008, 9:37 am

Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag. # 23rd January 2008, 2:56 pm

Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date. # 23rd January 2008, 2:14 pm

The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.” # 22nd January 2008, 4:34 pm

Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion. # 22nd January 2008, 12:40 pm