Upload
ann-miles
View
217
Download
0
Embed Size (px)
Citation preview
1
What’s New In What’s New In Internet Explorer 7?Internet Explorer 7?
Chris WilsonChris WilsonPRS203 PRS203 Group Program Manager, IE Platform & Group Program Manager, IE Platform & SecuritySecurityMicrosoft CorporationMicrosoft Corporation
2
Internet ExplorerInternet ExplorerMany different things to many different Many different things to many different peoplepeople
End usersEnd users
Web designersWeb designers
Web application developersWeb application developers
Commercial developers of IE add-onsCommercial developers of IE add-ons
Infrastructure: network admins, CAs, Infrastructure: network admins, CAs, etc.etc.
U
D
A
C
I
3
Pillars of Internet Explorer 7Pillars of Internet Explorer 7
Amazing User ExperienceAmazing User Experience
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsing
Powerful Web Developer Powerful Web Developer PlatformPlatform
4
Amazing User ExperienceAmazing User ExperienceBrowse…Search…SubscribeBrowse…Search…Subscribe
Tabbed BrowsingTabbed Browsing
High-quality page zoomHigh-quality page zoom
Great new print experienceGreat new print experience
Integrated subscription Integrated subscription platformplatform
U
5
DemoDemo
IE7 User ExperienceIE7 User Experience
6
Amazing User ExperienceAmazing User ExperienceFlexible Subscription platformFlexible Subscription platform
We provide…We provide…
Feed Discovery (in IE)Feed Discovery (in IE)
Common PlatformCommon PlatformFeedlist, storage, parser, sync Feedlist, storage, parser, sync engineengine
List extensions to RSSList extensions to RSS
U
D
A
7
Amazing User ExperienceAmazing User ExperienceOpenSearch 1.1 and extending OpenSearch 1.1 and extending searchsearch
An open way to describe search An open way to describe search providersproviders
Developed in cooperation with A9.com Developed in cooperation with A9.com Provided under Creative Commons Provided under Creative Commons license license
OpenSearch 1.1 Description OpenSearch 1.1 Description DocumentDocument
Allows search output in HTML as well as Allows search output in HTML as well as RSSRSS
Script API prompts user to add Script API prompts user to add provider:provider:
window.external.AddSearchProvider( window.external.AddSearchProvider( “http://mysearch.com/search.odd” ) “http://mysearch.com/search.odd” )
U
D
I
8
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingSecurity is job #1Security is job #1
Dynamic protection against web Dynamic protection against web fraudfraud
Full user control over add-onsFull user control over add-ons
Advanced malware protectionAdvanced malware protection
U
D
A
C
I
9
Anti-phishing service integrated Anti-phishing service integrated into IEinto IE
User experience highlights User experience highlights securitysecurity
Clear secure connection user Clear secure connection user experienceexperience
Pop up windows identified with their Pop up windows identified with their URLURL
““One Click Cleanup” feature to wipe One Click Cleanup” feature to wipe history, cache, etc.history, cache, etc.
Integration of Parental Control Integration of Parental Control (Vista(Vista))
U
D
A
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingDynamic protection against web Dynamic protection against web fraudfraud
10
DemoDemo
IE7 Trustworthy Browsing – Web fraud IE7 Trustworthy Browsing – Web fraud protectionprotection
11
ExplicitExplicit user consent is user consent is required on required on first run of first run of installed ActiveX controlsinstalled ActiveX controls
Users can easily enable pre-Users can easily enable pre-installed controls through the installed controls through the same Info Bar as new controlssame Info Bar as new controls
Add-ons Disabled Mode for Add-ons Disabled Mode for recoveryrecovery
U
D
A
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingFull control over add-onsFull control over add-ons
12
Special characters complicate URL Special characters complicate URL parsing, e.g. parsing, e.g. http://[email protected]://[email protected]
URLs are often passed as strings, and URLs are often passed as strings, and some components parse inconsistentlysome components parse inconsistently
In IE7, we have a single URL parsing In IE7, we have a single URL parsing objectobject
This API (IURI) is exposed for other apps This API (IURI) is exposed for other apps to useto use
Also addsAlso adds International Domain Name International Domain Name (IDN)(IDN)
Secure defaults to prevent spoofing Secure defaults to prevent spoofing
U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingImpeding critical exploits – URL Impeding critical exploits – URL handlinghandling
13
javascript: protocol now runs in-pagejavascript: protocol now runs in-pageNow, Now, <img src=“javascript:foo()”><img src=“javascript:foo()”> doesn’t navigate – we strip “javascript:” doesn’t navigate – we strip “javascript:” off and run as script inside the page off and run as script inside the page contextcontext
Objects handling data by reference Objects handling data by reference must understand HTTP redirectsmust understand HTTP redirects
We’ve always had redirect notifications We’ve always had redirect notifications – but now we lock the data if the object – but now we lock the data if the object doesn’t understands redirects. Objects doesn’t understands redirects. Objects that aren’t redirect-aware can’t get that aren’t redirect-aware can’t get access to the data.access to the data.
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingImpeding critical exploits – cross-Impeding critical exploits – cross-domaindomain
14
Malicious web pages often install Malicious web pages often install malware or modify files by exploiting malware or modify files by exploiting buffer overruns or other critical buffer overruns or other critical security exploits in IE or add-onssecurity exploits in IE or add-ons
Solution: Solution: Protected ModeProtected ModeReduces the severity of threats to IE and Reduces the severity of threats to IE and add-ons running in IE by eliminating the add-ons running in IE by eliminating the silent install of malicious code on the user’s silent install of malicious code on the user’s systemsystem
Protects registry, file system from silent Protects registry, file system from silent malwarmalware installse installsDoes NOT prevent running Win32 codeDoes NOT prevent running Win32 code
U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingAdvanced malware protectionAdvanced malware protection
15
Protected Mode restricts IE from writing Protected Mode restricts IE from writing files outside of the Temporary Internet Files files outside of the Temporary Internet Files folderfolder
IE’s process has fewer write privileges than IE’s process has fewer write privileges than normal Usernormal User
Protected Mode builds on the Windows Vista Protected Mode builds on the Windows Vista Mandatory Integrity Control (MIC), which Mandatory Integrity Control (MIC), which restricts writesrestricts writes
This means Protected Mode is This means Protected Mode is Windows Vista Windows Vista only!only!
When IE needs to write outside of the TIF When IE needs to write outside of the TIF folder (e.g. File…Save As), we have a folder (e.g. File…Save As), we have a broker process with appropriate privileges broker process with appropriate privileges to do soto do so
Compatibility layer for add-ons to elevate Compatibility layer for add-ons to elevate privsprivs
U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingProtected Mode summaryProtected Mode summary
16
Same as XPSP2 with a new UAP credential Same as XPSP2 with a new UAP credential promptprompt U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingProtected Mode changes ActiveX Protected Mode changes ActiveX installinstall
17
Same as XPSP2 with a new UAP credential Same as XPSP2 with a new UAP credential promptprompt U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingProtected Mode changes toolbar Protected Mode changes toolbar installinstall
18
Protected Mode Internet Explorer running the Ebay Toolbar and Quicktime ActiveX At a Low Integrity Level (Low IL)
Low rights (Low IL) required
Mandatory Integrity Control
Cache Web Content
Compat LayerSave/Change
Add-on Settings
Internet Explorer 6 running Quicktime ActiveX Admin rights required
User rights required
Install ActiveXAnd Toolbars
Download DocsSave/Change Settings
Cache Web Content
Protected Mode Internet Explorer running the Ebay Toolbar and Quicktime ActiveX At a Low Integrity Level (Low IL)
Admin Broker (High IL)
User Broker (Medium IL)
Admin rights (High IL) required
User rights (Medium IL) required
Low rights (Low IL) required
Install ActiveX
Install ToolbarsDownload Docs
Save/Change SettingsAllow Add-ons to Elevate
Mandatory Integrity Control
Cache Web Content
Compat LayerSave/Change
Add-on Settings
Architectural OverviewArchitectural OverviewProtected Mode Internet Explorer running the Ebay Toolbar and Quicktime ActiveX At a Low Integrity Level (Low IL)
User Broker (Medium IL)
User rights (Medium IL) required
Low rights (Low IL) required
Install ToolbarsDownload Docs
Save/Change SettingsAllow Add-ons to Elevate
Mandatory Integrity Control
Cache Web Content
Compat LayerSave/Change
Add-on Settings
C
I
19
Intranet/Trusted Sites/LM don’t run in Intranet/Trusted Sites/LM don’t run in PMPM
Add-ons can restore impacted Add-ons can restore impacted functionalityfunctionality
In-proc add-ons (ActiveX controls, In-proc add-ons (ActiveX controls, toolbars)toolbars)
File writes get re-routed to the TIF via File writes get re-routed to the TIF via compat layercompat layerRegistry writes get re-routed to a virtual Registry writes get re-routed to a virtual registryregistryCan call “Save As” API to save files outside of Can call “Save As” API to save files outside of the TIFthe TIF
Out-of-proc add-ons (DocObject servers, Out-of-proc add-ons (DocObject servers, etc)etc)
Get Protected Mode’s restrictions by defaultGet Protected Mode’s restrictions by defaultCan elevate privilege if user allowsCan elevate privilege if user allows
U
C
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingProtected Mode – compatibility Protected Mode – compatibility featuresfeatures
20
Identifies features blocking app Identifies features blocking app functionalityfunctionality
In the Windows App Compatibility Toolkit In the Windows App Compatibility Toolkit 4.04.0
Blogged on IEBlog in March:Blogged on IEBlog in March:http://blogs.msdn.com/ie/archive/http://blogs.msdn.com/ie/archive/
2005/03/17/398435.aspx2005/03/17/398435.aspx
D
A
I
Secure and Trustworthy Secure and Trustworthy BrowsingBrowsingIE Compatibility Evaluator in XPSP2IE Compatibility Evaluator in XPSP2
21
Powerful Web Dev Powerful Web Dev PlatformPlatform“Don’t break the Internet”“Don’t break the Internet”
““Quirks mode” stays the same - many Quirks mode” stays the same - many platform changes are only in “strict platform changes are only in “strict mode”mode”
We We dodo change behavior under strict change behavior under strict modemode
<?xml> prolog doesn’t prevent strict <?xml> prolog doesn’t prevent strict modemode
D
A
I
22
Fixed some serious issues in IE 6 Fixed some serious issues in IE 6 layoutlayout
Incompatibilities with the latest CSS Incompatibilities with the latest CSS standard, as well as some nasty bugs in standard, as well as some nasty bugs in the enginethe engine
We’ve knocked out the top bugs on We’ve knocked out the top bugs on quirksmode.org and quirksmode.org and positioniseverything.net, as well as other positioniseverything.net, as well as other problemsproblems
D
A
I
Powerful Web Dev Powerful Web Dev PlatformPlatformFixing the top problemsFixing the top problems
23
Peekaboo Bug Peekaboo Bug Quirky Percentages In IE6's Quirky Percentages In IE6's Formatting Model Formatting Model IE/Win Line-height Bug IE/Win Line-height Bug IE6 Border Chaos IE6 Border Chaos Disappearing List-Background Bug Disappearing List-Background Bug Guillotine Bug Guillotine Bug Unscrollable Content Bug Unscrollable Content Bug IE 6 Duplicate Characters Bug IE 6 Duplicate Characters Bug Doubled Float-Margin Bug Doubled Float-Margin Bug Duplicate Indent BugDuplicate Indent BugThree Pixel Text Jog Three Pixel Text Jog Creeping Text BugCreeping Text BugMissing First Letter Bug Missing First Letter Bug ……and many more issues.and many more issues.
positioniseverything.net
D
A
I
Partial bug list
Powerful Web Dev Powerful Web Dev PlatformPlatformLayout issues in short…Layout issues in short…
24
Added top requested standards Added top requested standards featuresfeatures
PNG aPNG alpha channel supportlpha channel support
All CSS 2 SelectorsAll CSS 2 SelectorsFirst-child, adjacent, attribute, child etc.First-child, adjacent, attribute, child etc.
CSS 2 fixed positioningCSS 2 fixed positioning
CSS 2 :hover pseudo-class works on all CSS 2 :hover pseudo-class works on all elementselements
Polished HTML 4.01 supportPolished HTML 4.01 support<abbr> element, <object> fallback<abbr> element, <object> fallback
D
A
I
Powerful Web Dev Powerful Web Dev PlatformPlatformAdding the most requested Adding the most requested featuresfeatures
25
Native Native XMLHTTPRequestXMLHTTPRequestBetter enables DHTML/Atlas applicationsBetter enables DHTML/Atlas applications
No longer subject to ActiveX being No longer subject to ActiveX being enabledenabled
<select> element now <select> element now windowlesswindowless
Can be visually layered w/ other Can be visually layered w/ other elementselements
Even more complete Even more complete documentationdocumentation
D
A
I
Powerful Web Dev Powerful Web Dev PlatformPlatformAdding the most requested Adding the most requested featuresfeatures
26
DemoDemo
IE7 Web Platform AdvancementsIE7 Web Platform Advancements
27
IE toolbar providing a rich tool set IE toolbar providing a rich tool set for exploring DHTML and CSS for exploring DHTML and CSS with object model and visual with object model and visual toolstools
Downloadable Beta available Downloadable Beta available shortlyshortly
Runs on IE6+Runs on IE6+
D
A
Powerful Web Dev Powerful Web Dev PlatformPlatformWeb developer toolbarWeb developer toolbar
28
DemoDemo
IE Web Developer ToolbarIE Web Developer Toolbar
29
Key TakeawaysKey TakeawaysWe We thoughtthought this Internet thing would be big one this Internet thing would be big one day…day…
We’re providing more containment as well We’re providing more containment as well as better arming users to make informed as better arming users to make informed decisions about their system securitydecisions about their system security
We’re working hard to improve our web We’re working hard to improve our web platformplatform
We want your continued feedback to put We want your continued feedback to put out better and better versions of the out better and better versions of the platform for youplatform for you
My email address is My email address is [email protected]@microsoft.com(Please put “IE feedback” in the title, and please (Please put “IE feedback” in the title, and please DON’T email cwilsoDON’T email [email protected] – he’s not the @microsoft.com – he’s not the same guy)same guy)
30
Call To ActionCall To ActionWhat should you do?What should you do?
Make sure your IE components Make sure your IE components (ActiveX, BHOs, toolbars) are (ActiveX, BHOs, toolbars) are prepared for changesprepared for changes
Give us feedback - Give us feedback - [email protected]@microsoft.com
Build web applications!Build web applications!
Use the rich platform of IE, DHTML, Atlas Use the rich platform of IE, DHTML, Atlas and WPFand WPF
31
Community ResourcesCommunity ResourcesAt PDCAt PDC
For more information on RSS, go seeFor more information on RSS, go seeDAT320: Windows Vista: Building RSS Enabled Applications DAT320: Windows Vista: Building RSS Enabled Applications (Thursday @ 14:15)(Thursday @ 14:15)Hands-on Lab: DATHOL08: RSS in LonghornHands-on Lab: DATHOL08: RSS in Longhorn
For more on IE in general, or other specific issues:For more on IE in general, or other specific issues:PNL06: What’s Next for Microsoft’s Web Platform? (Friday @ PNL06: What’s Next for Microsoft’s Web Platform? (Friday @ 8:30)8:30)Presentation Track Lounge: IE team members are hanging Presentation Track Lounge: IE team members are hanging out thereout thereAsk The Experts event: stop by the IE tableAsk The Experts event: stop by the IE table
After PDCAfter PDCIE Dev Center on MSDN: IE Dev Center on MSDN: http://msdn.microsoft.com/ie/http://msdn.microsoft.com/ie/IE Team Blog: IE Team Blog: http://blogs.msdn.com/IE/http://blogs.msdn.com/IE/ - #1 on MSDN! - #1 on MSDN!IE feedback alias: IE feedback alias: [email protected]@microsoft.comIf you missed these related PDC sessions, watch them on If you missed these related PDC sessions, watch them on the DVDthe DVD
PRS200: Choosing the Right Presentation TechnologyPRS200: Choosing the Right Presentation TechnologyFUNL03: Case Study: Building a More Secure Browser in IE7FUNL03: Case Study: Building a More Secure Browser in IE7
32
© 2005 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.