Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
What’s New In Internet Explorer 7? Chris Wilson PRS203 Group Program Manager, IE Platform & Security Microsoft Corporation 1 Internet Explorer Many different things to many different people End users U Web designers D Web application developers A Commercial developers of IE add-ons C Infrastructure: network admins, CAs, etc. I 2 Pillars of Internet Explorer 7 Amazing User Experience Secure and Trustworthy Browsing Powerful Web Developer Platform 3 Amazing User Experience Browse…Search…Subscribe U Tabbed Browsing High-quality page zoom Great new print experience Integrated subscription platform 4 Demo IE7 User Experience 5 Amazing User Experience Flexible Subscription platform We provide… Feed Discovery (in IE) Common Platform U D A Feedlist, storage, parser, sync engine List extensions to RSS 6 Amazing User Experience OpenSearch 1.1 and extending search An open way to describe search providers Developed in cooperation with A9.com Provided under Creative Commons license U D OpenSearch 1.1 Description Document Allows search output in HTML as well as RSS Script API prompts user to add provider: window.external.AddSearchProvider( “http://mysearch.com/search.odd” ) I 7 Secure and Trustworthy Browsing Security is job #1 U Dynamic protection against web fraud D Full user control over add-ons A Advanced malware protection C I 8 Secure and Trustworthy Browsing Dynamic protection against web fraud Anti-phishing service integrated into IE User experience highlights security Clear secure connection user experience Pop up windows identified with their URL “One Click Cleanup” feature to wipe history, cache, etc. Integration of Parental Control (Vista) U D A I 9 Demo IE7 Trustworthy Browsing – Web fraud protection 10 Secure and Trustworthy Browsing Full control over add-ons Explicit user consent is required on first run of installed ActiveX controls Users can easily enable preinstalled controls through the same Info Bar as new controls Add-ons Disabled Mode for recovery U D A C I 11 Secure and Trustworthy Browsing Impeding critical exploits – URL handling Special characters complicate URL parsing, e.g. http://[email protected] U URLs are often passed as strings, and some components parse inconsistently In IE7, we have a single URL parsing object This API (IURI) is exposed for other apps to use Also adds International Domain Name (IDN) Secure defaults to prevent spoofing C I 12 Secure and Trustworthy Browsing Impeding critical exploits – cross-domain javascript: protocol now runs in-page Now, <img src=“javascript:foo()”> doesn’t navigate – we strip “javascript:” off and run as script inside the page context Objects handling data by reference must understand HTTP redirects We’ve always had redirect notifications – but now we lock the data if the object doesn’t understands redirects. Objects that aren’t redirect-aware can’t get access to the data. I 13 Secure and Trustworthy Browsing Advanced malware protection Malicious web pages often install malware or modify files by exploiting buffer overruns or other critical security exploits in IE or addons U Solution: Protected Mode Reduces the severity of threats to IE and add-ons running in IE by eliminating the silent install of malicious code on the user’s system Protects registry, file system from silent malware installs Does NOT prevent running Win32 code C I 14 Secure and Trustworthy Browsing Protected Mode summary Protected Mode restricts IE from writing files outside of the Temporary Internet Files folder U IE’s process has fewer write privileges than normal User Protected Mode builds on the Windows Vista Mandatory Integrity Control (MIC), which restricts writes This means Protected Mode is Windows Vista only! When IE needs to write outside of the TIF folder (e.g. File…Save As), we have a broker process with appropriate privileges to do so Compatibility layer for add-ons to elevate privs C I 15 Secure and Trustworthy Browsing Protected Mode changes ActiveX install Same as XPSP2 with a new UAP credential prompt U C I 16 Secure and Trustworthy Browsing Protected Mode changes toolbar install Same as XPSP2 with a new UAP credential prompt U C I 17 Architectural Overview Admin rights Admin rights (Highrequired IL) required User Broker (Medium IL) Mandatory Integrity Control Admin Broker (High IL) Internet Explorer 6 running Quicktime Protected Mode InternetActiveX Explorer running the Ebay Toolbar and Quicktime ActiveX At a Low Integrity Level (Low IL) User rights required User rights (Medium IL) required Install ActiveX Install ActiveX And Toolbars Install Toolbars Download Docs Download Docs Save/Change Settings Save/Change Settings Allow Add-ons to Elevate Low rights (Low IL) required C Cache Web Content Compat Layer Save/Change Add-on Settings I 18 Secure and Trustworthy Browsing Protected Mode – compatibility features Intranet/Trusted Sites/LM don’t run in PM U Add-ons can restore impacted functionality In-proc add-ons (ActiveX controls, toolbars) File writes get re-routed to the TIF via compat layer Registry writes get re-routed to a virtual registry Can call “Save As” API to save files outside of the TIF Out-of-proc add-ons (DocObject servers, etc) Get Protected Mode’s restrictions by default Can elevate privilege if user allows C I 19 Secure and Trustworthy Browsing IE Compatibility Evaluator in XPSP2 Identifies features blocking app functionality In the Windows App Compatibility Toolkit 4.0 Blogged on IEBlog in March: D A http://blogs.msdn.com/ie/archive/2005/03/17/398435.aspx I 20 Powerful Web Dev Platform “Don’t break the Internet” “Quirks mode” stays the same - many platform changes are only in “strict mode” D We do change behavior under strict mode A <?xml> prolog doesn’t prevent strict mode I 21 Powerful Web Dev Platform Fixing the top problems Fixed some serious issues in IE 6 layout Incompatibilities with the latest CSS standard, as well as some nasty bugs in the engine We’ve knocked out the top bugs on quirksmode.org and positioniseverything.net, as well as other problems D A I 22 Powerful Web Dev Platform Layout issues in short… positioniseverything.ne t Partial bug list Peekaboo Bug Quirky Percentages In IE6's Formatting Model IE/Win Line-height Bug D IE6 Border Chaos Disappearing List-Background Bug Guillotine Bug A Unscrollable Content Bug IE 6 Duplicate Characters Bug Doubled Float-Margin Bug Duplicate Indent Bug Three Pixel Text Jog I Creeping Text Bug Missing First Letter Bug …and many more issues. 23 Powerful Web Dev Platform Adding the most requested features Added top requested standards features PNG alpha channel support All CSS 2 Selectors First-child, adjacent, attribute, child etc. CSS 2 fixed positioning CSS 2 :hover pseudo-class works on all elements Polished HTML 4.01 support D A I <abbr> element, <object> fallback 24 Powerful Web Dev Platform Adding the most requested features Native XMLHTTPRequest Better enables DHTML/Atlas applications No longer subject to ActiveX being enabled <select> element now windowless D A Can be visually layered w/ other elements Even more complete documentation I 25 Demo IE7 Web Platform Advancements 26 Powerful Web Dev Platform Web developer toolbar IE toolbar providing a rich tool set for exploring DHTML and CSS with object model and visual tools D A Downloadable Beta available shortly Runs on IE6+ 27 Demo IE Web Developer Toolbar 28 Key Takeaways We thought this Internet thing would be big one day… We’re providing more containment as well as better arming users to make informed decisions about their system security We’re working hard to improve our web platform We want your continued feedback to put out better and better versions of the platform for you My email address is [email protected] (Please put “IE feedback” in the title, and please DON’T email [email protected] – he’s not the same guy) 29 Call To Action What should you do? Make sure your IE components (ActiveX, BHOs, toolbars) are prepared for changes Give us feedback - [email protected] Build web applications! Use the rich platform of IE, DHTML, Atlas and WPF 30 Community Resources At PDC For more information on RSS, go see DAT320: Windows Vista: Building RSS Enabled Applications (Thursday @ 14:15) Hands-on Lab: DATHOL08: RSS in Longhorn For more on IE in general, or other specific issues: PNL06: What’s Next for Microsoft’s Web Platform? (Friday @ 8:30) Presentation Track Lounge: IE team members are hanging out there Ask The Experts event: stop by the IE table After PDC IE Dev Center on MSDN: http://msdn.microsoft.com/ie/ IE Team Blog: http://blogs.msdn.com/IE/ - #1 on MSDN! IE feedback alias: [email protected] If you missed these related PDC sessions, watch them on the DVD PRS200: Choosing the Right Presentation Technology FUNL03: Case Study: Building a More Secure Browser in IE7 31 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary. 32