Simon Willison’s Weblog


25 items tagged “internet-explorer”


Why, for a decade of experience, can we not seem to see the IE 8 zombie coming? It’s not like it’s going to be some big surprise that unless we do something different, we’ll still be supporting it in 2015. That’s right: in 2015, you’ll still be thinking about a browser that doesn’t support canvas or video and doesn’t even have a JITing JS engine.

Alex Russell

# 11th October 2010, 11:01 pm / alex-russell, ie8, internet-explorer, recovered

Internet Explorer: Global Variables, and Stack Overflows. An extremely subtle IE bug—if your recursive JavaScript function is attached directly to the window (global) object, IE won’t let you call it recursively more than 12 times.

# 2nd March 2010, 9:21 am / bugs, ie, internet-explorer, javascript, recursion


Deep Tracing of Internet Explorer. dynaTrace Ajax looks like an awesome tool. For once, Internet Explorer has a development tool that other browsers can be jealous of.

# 18th November 2009, 8:06 am / ajax, debugging, dynatraceajax, ie, internet-explorer, javascript, john-resig

Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments.

# 17th April 2009, 4:12 pm / base64, browsers, hedgerwang, ie, internet-explorer, mime, php


Microsoft: Big Security Hole in All IE Versions. Looks like a 0-day that’s being actively exploited.

# 16th December 2008, 8:26 pm / 0day, ie, internet-explorer, microsoft, security

Internet explorer mystery #1376. IE executes function definitions inside an “if (0)” block. That frightens me.

# 3rd December 2008, 9:04 am / internet-explorer, javascript, ned-batchelder

IE8 Security Part IV: The XSS Filter (via) IE8 will include an XSS filter to identify and neutralise “reflected” XSS attacks (where malicious code in a query string is rendered to the page), turned on by default. Sounds like a good idea to me, and site authors can disable it using Yet Another Custom HTTP header (X-XSS-Protection: 0).

# 3rd July 2008, 9:37 am / http, ie8, internet-explorer, microsoft, security, xss, xssfilter

Obscure bugs revisited: IE, HTTPS and plugins. Filed for future reference: IE breaks mysteriously if you serve it up plugin content (e.g. Flash) over HTTPS with a no-cache header—it deletes the file from cache before the plugin software gets a chance to open it.

# 30th May 2008, 9:54 am / bugs, caching, flash, https, ie, internet-explorer, plugins, richardterry

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.

# 14th April 2008, 8:18 am / browsers, contenttypes, ie, internet-explorer, security, xss

We've decided that IE8 will, by default, interpret web content in the most standards compliant way it can. This decision is a change from what we've posted previously.


# 4th March 2008, 3 am / ie, ie8, internet-explorer, web-standards

Sunsetting Quirks Mode. Apparently proper standards support in IE (or at least the IE8 renderer) will be triggered by the HTML5 doctype, providing an alternative to those who don’t wish to pollute their markup with an IE-specific meta tag.

# 23rd January 2008, 2:56 pm / browsers, doctypes, html5, ie8, internet-explorer, sam-ruby, xuacompatible

Legacy. James Bennett has what I think is the most interesting analysis of the X-UA-Compatible header to date.

# 23rd January 2008, 2:14 pm / browsers, ie8, internet-explorer, james-bennett, web-standards, xuacompatible

If Web authors actually use this feature, and if IE doesn't keep losing market share, then eventually this will cause serious problems for IE's competitors — instead of just having to contend with reverse-engineering IE's quirks mode and making the specs compatible with IE's standards mode, the other browser vendors are going to have to reverse engineer every major IE browser version, and end up implementing these same bug modes themselves.

Ian Hickson

# 23rd January 2008, 10:07 am / browsers, hixie, ian-hickson, ie8, internet-explorer, web-standards, xuacompatible

No matter what great leaps forward the Internet Explorer team make from now on, the majority of developers won’t use them and the majority of users won’t see them. By doing this the Internet Explorer team may have created their own backwater, shot themselves in the foot and left themselves for dead.

Andy Budd

# 22nd January 2008, 9 pm / andy-budd, ie8, internet-explorer, xuacompatible

The versioning switch is not a browser detect. PPK: “In other words, the versioning switch does not have any of the negative effects of a browser detect.”

# 22nd January 2008, 4:34 pm / browserdetect, browsers, doctypeswitching, ie8, internet-explorer, ppk, web-standards, xuacompatible

Like DOCTYPE switching did in 2000, version targeting negates the vendor argument that existing behaviors can't be changed for fear of breaking web sites. If IE8 botches its implementation of some CSS property or DOM method, the mistake can be fixed in IE9 without breaking sites developed in the IE8 era. This actually makes browser vendors more susceptible to pressure to fix their bugs, and less fearful of doing so.

Eric Meyer

# 22nd January 2008, 2:24 pm / browsers, doctypeswitching, ericmeyer, ie8, internet-explorer, web-standards, xuacompatible

Beyond DOCTYPE: Web Standards, Forward Compatibility, and IE8. This has huge implications for client-side web developers: IE 8 will include the ability to mark a page as “tested and compatible with the IE7 rendering engine” using an X-UA-Compatible HTTP header or http-equiv meta element. It’s already attracting a heated debate in the attached discussion.

# 22nd January 2008, 12:40 pm / browsers, http, ie8, internet-explorer, web-standards, xuacompatible


DebugBar. Suggested at BarCamp London 3 as a useful tool for developing with IE; apparently includes a great JavaScript debugger.

# 25th November 2007, 10:32 am / barcamplondon3, debugbar, debugger, debugging, ie, internet-explorer, javascript

Global namespace pollution in IE. Another reason to avoid JavaScript global variables like the plague: IE creates a bunch of them for you which may well intefere with your own code.

# 10th October 2007, 10:10 am / globals, ie, internet-explorer, javascript

Seeking market share, Microsoft removes WGA anti-piracy check from IE7. Hopefully this will accelerate the rise of IE7 over IE6.

# 5th October 2007, 11:55 pm / browsers, ie, ie6, ie7, internet-explorer, wga

Fixing GC issues on IE 6: New IE download. Microsoft have released Windows Script Host / Script Runtime version 5.7, which apparently cleans up a bunch of IE 6 memory leaks.

# 17th August 2007, 11:50 pm / ie6, internet-explorer, javascript, memoryleaks, microsoft, windowsscripthost

Operation Aborted. Another fantastically obscure IE bug: appending new elements to the HEAD element breaks if a BASE tag is present.

# 16th August 2007, 11:21 am / bugs, ie, internet-explorer, javascript, operationaborted, shauninman

Background Iframe (bgiframe). jQuery plugin that inserts an iframe shim behind an element in IE, allowing the element to be positioned overlapping a select box without the select box showing through.

# 9th August 2007, 2:54 pm / brandon-aaron, ie, iframes, internet-explorer, javascript, jquery, plugins, select

Brendan Eich: New Projects. Exciting new projects from Mozilla. ActionMonkey is joined by IronMonkey (IronPython/IronRuby on Tamarin) and ScreamingMonkey (Tamarin for IE). Upgrading IE’s JavaScript using the Flash Player as a vector is a game-changing idea.

# 26th July 2007, 8:05 pm / actionmonkey, brendaneich, flash, ie, internet-explorer, ironmonkey, ironpython, ironruby, javascript, mozilla, screamingmonkey, tamarin

JavaScript Minifier that doesn’t break code (via) Perl re-implementation of Douglas Crockford’s classic JSMin that doesn’t clobber IE’s conditional comments, by Peter Michaux.

# 4th June 2007, 5:44 pm / conditionalcomments, douglas-crockford, ie, internet-explorer, james-bennett, javascript, jsmin, perl, pete-michaux