IE8: the most complete description of innovations for the programmer (and not only)

Below is the original of my article accepted for publication in the excellent computer magazine C`t, which, unfortunately, has not survived on the market and is still in a very suspended status. The article was not published due to the fact that the issues no longer come out. So I decided to publish it on Habré, since it fits perfectly into the format.

I would immediately note that the article is quite voluminous and some of the information has already been published by me on Habré. The purpose of this article is to combine the maximum amount of information about the new version of Internet Explorer and present it in an acceptable volume.

In the comments accept comments and corrections.

Introduction

Internet Explorer has a long history that began in 1995, when Microsoft released it in August of this year, licensing it from Spyglass, Inc. Since then, more than 10 years have passed and Internet Explorer has managed to conquer the world, winning an absolute majority of users, and its version is about to change to number 8.
')
Despite widespread use, Internet Explorer is notorious among web project developers. This is due to many factors, the main of which, in my opinion, are the sluggish implementation of W3C standards and the very slow transition to new versions among users. Due to the fact that a huge number of users still use outdated browsers, web developers have to support them as well, incorporating all sorts of tricks and so-called hacks into their codes so that the same site looks the same as in Firefox, Safari and Opera browsers , and in all common versions of Internet Explorer.

However, with the release of the eighth version of the browser, Microsoft seems to be trying to smooth out the attitude of developers to their brainchild, offering them long-awaited standards support, while not leaving the support of previous code written for older versions.
This article is intended to show what is new in Internet Explorer 8 for developers, what will change and how to use some of the new and useful things that this browser offers us.

The history of the Internet Explorer browser for the programmer

Coming out in 1995, the first version of IE was not widely used, as was the second version, which included support other than SSL, cookies, things like VRML and RSA. The third version, which was released in 1996, managed to achieve more. It received support for CSS, ActiveX, frames, and Java applets. In the fourth version appeared DHTML and PNG. The fifth version brought support for XML / XSLT, improved support for CSS versions 1 and 2, favicon, HTML Application. The introduction of XMLHttpRequest, which will give a start to the widely used AJAX technology much later, will be especially useful. The sixth version was less generous with innovations: improved DHTML support, partial support for CSS level 1, DOM level 1 and SMIL 2.0. However, the sixth version seems to be the most vulnerable in terms of security version of the browser. In the seventh version of Internet Explorer, IDN support was added, support for CSS, DOM and HTML was slightly improved, support for page compression through Gzip and deflate was improved. However, one of the major fixes was the long-awaited transparency support for PNG files.

Eighth version

The first public beta of Internet Explorer 8 appeared in March 2008. It was reported that the new version will receive a rewritten rendering engine from scratch, that the development team aims to support standards such as CSS 2.1, CSS 3 and HTML 5, that many of the errors of previous versions will be corrected. And the expectations came true, the new version contained numerous changes in HTML and CSS, such as the introduction of the abbr tag, support for automatically generated CSS content, CSS display rules: table, paged media, DOM Storage, XDM, selectors API and much more. In addition, Data support has been added: URI and XDomainRequest for cross-domain exchange, new features have been added to the DOM, support for the ARIA specification has been announced.
After getting acquainted with the new version and its innovations, it seems that Microsoft, finally turned its attention to web developers and undertook to thoroughly redo its browser for the better.

Mechanics of the eighth version. Pretend to be the seventh version

The new version of rendering Internet Explorer can work in three modes:

• Quirks and Strict - work as in IE7, depending on the DOCTYPE, quirks-mode is enabled;
• Standards is the main mode of IE 8, in which standards are implemented as widely as possible.

The development team has provided for the forced support of one mode or another for your old or new pages, which are aimed at displaying in previous versions of the browser and should be displayed normally in version 8.
To set the mode you need, add the meta-tag of the following content to the page:

< meta http-equiv ="X-UA-Compatible" content ="IE=8" />

Here, content - indicates the mode in which the page will be displayed. The main content values ​​are as follows:

• "IE = 7" - includes Strict mode in which all pages are rendered;
• “IE = EmulateIE7” - turns on IE7 compatibility mode, in which, depending on the DOCTYPE, either the standard rendering mode for IE7 (Strict) or quirks mode (Quirks) will be used;
• “IE = EmulateIE8” - the page is forced into the “IE8 Standards” mode regardless of whether the “Compatibility View” compatibility mode is enabled in the user's browser, and quirks pages are displayed in Quirks mode.
• “IE = 8” - the mode of maximum compliance with the standards “IE8 Standards” is activated.

In addition, the content values ​​are not limited to the listed modes. So you can specify values ​​for any other browsers:

< meta http-equiv ="X-UA-Compatible" content ="FF=3" />

In addition to this, the content parameter has a value of "edge", which allows you to indicate support for the most advanced version of the browser:

< meta http-equiv ="X-UA-Compatible" content ="IE=edge" />

In addition to specifying the “meta” tag, there is another way to control the browser mode - this is to send the http header:

X-UA-Compatible: IE = EmulateIE7

Security mechanisms

DEP / NX Memory Protection

The function "Enable memory protection to reduce the risk of attacks from the Internet" is available in the seventh version of the browser, but it is not enabled by default. True, this function does not exist on 64-bit platforms, but only because all processes in 64-bit versions of Windows are protected via DEP. Now, this feature will be enabled by default. Let me remind you that DEP / NX allows you to prevent the execution of code that is marked as data. Thus, the whole layer of attacks, such as buffer overflow, is cut off.

ActiveX Improvements

In the eighth version of Internet Explorer, ActiveX controls can only be installed for a specific user (Per-User ActiveX), which reduces the risk of infection, given that the user does not work under administrator rights. In this case, only the profile of one user is under attack and nothing else.
Per-Site ActiveX is a new technique that allows you to set an ActiveX control to execute only on a single (your own) website and nowhere else. The user can also allow the use, say Silverlight, only on the server where he first needed it. Like everything else, control of the ActiveX installation mechanism will be available to administrators through group policies.

XSS filter

The most interesting, in my opinion, innovation is the built-in XSS-filter, which allows you to protect the user from the “Cross-Site Scripting” attack. To at least approximately estimate the magnitude of the threat from XSS attacks, you can go to XSSed.com, and see which, not the smallest public resources, are subject to these attacks. Any user can potentially be a victim, simply by going to these resources, and now the number of such “leaky” sites has already exceeded 20,000.

Internet Explorer 8 XSS-filter is directed against the so-called xss-attacks. Type1 According to information from Wikipedia, attacks of this type are the most common.

For those sites that for some reason do not want to allow the user to enable protection against XSS on their resources, an option is available in the HTTP headers:

X-XSS-Protection: 0

It may be necessary for those who in their projects used techniques similar to XSS-attacks.

Other security changes

• Added a new function toStaticHTML, which will avoid introducing dangerous code on the page by formatting html-tags, this function does the same as the functions of the Microsoft Anti-Cross Site Scripting Library;
• Internet Explorer 8 implements ECMAScript 3.1 features for working with JSON. To ensure security, an object for working with JSON contains the parse function, which, like toStaticHTML, reliably formats potentially dangerous text;
• In the new version of Internet Explorer, the browser contains improvements in the so-called. MIME-sniffing mechanism. This functionality allows the browser to determine the content of the page not by the "content-type", but by the content. Often, this definition allowed the implementation of dangerous code. Now, for example, with “content-type: image / *”, the embedded html or script code will not be rendered. To control the filter, the developer can use the new authoritative parameter and specify “Content-Type: text / plain; authoritative = true; "and in this case, IE8 will not try to determine the type of content, displaying it according to the instructions in the" Content-Type ";
• New parameters for HTTP headers X-Download-Options: noopen and Content-Disposition: attachment; filename = untrustedfile.html allows you to force the browser to save the content instead of displaying it. This may be necessary in cases where a web application needs to send a page with unsafe content to a user. If you save it on the client and then open it, these pages will not work in the context of the server, which will keep it safe;
• in the File Upload control, for security reasons, the status of the input field is now changed to read-only. In addition to this, for the same purpose, IE8 will no longer send the full path of the file, only its name will be sent instead.

CSS related changes

CCS expressions

One of the principal decisions of the Internet Explorer development team in terms of supporting CSS is the abandonment of so-called CCS expressions. These expressions made it possible to integrate JavaScript expressions into CSS code for manipulating the contents of css parameters. CSS expressions in Internet Explorer 8 will be disabled by default. Among the reasons cited are safety and high costs in terms of performance. However, support for CSS expressions will remain in the Strict and Quirks compatibility modes, to support the code already written.

Change in property naming

Microsoft has changed the naming convention for some CSS properties. Now all "non-standard properties" get the prefix "-ms-". In order to fully comply with CSS 2.1 in IE 8, such a prefix received properties suitable for the following conditions:

• if the property is an extension of Microsoft (not defined in the specification or CSS module);
• if the property is part of a CSS specification or module that has not received the Candidate Recommendation status from the W3C;
• if the property only partially implements the property defined in the CSS specification.

Here is a list of properties that received the prefix "-ms-" (indicating the reason):

Property	Type	W3C Status
-ms- accelerator	Extension
-ms- background-position-x	CSS3	Working draft
-ms- background-position-y	CSS3	Working draft
-ms- behavior	Extension
-ms- block-progression	CSS3	Editor's Draft
-ms- filter	Extension
-ms- ime-mode	Extension
-ms- layout-grid	CSS3	Editor's Draft
-ms- layout-grid-char	CSS3	Editor's Draft
-ms- layout-grid-line	CSS3	Editor's Draft
-ms- layout-grid-mode	CSS3	Editor's Draft
-ms- layout-grid-type	CSS3	Editor's Draft
-ms- line-break	CSS3	Working draft
-ms- line-grid-mode	CSS3	Editor's Draft
-ms- interpolation-mode	Extension
-ms- overflow-x	CSS3	Working draft
-ms- overflow-y	CSS3	Working draft
-ms- scrollbar-3dlight-color	Extension
-ms- scrollbar-arrow-color	Extension
-ms- scrollbar-base-color	Extension
-ms- scrollbar-darkshadow-color	Extension
-ms- scrollbar-face-color	Extension
-ms- scrollbar-highlight-color	Extension
-ms- scrollbar-shadow-color	Extension
-ms- scrollbar-track-color	Extension
-ms- text-align-last	CSS3	Working draft
-ms- text-autospace	CSS3	Working draft
-ms- text-justify	CSS3	Working draft
-ms- text-kashida-space	CSS3	Working draft
-ms- text-overflow	CSS3	Working draft
-ms- text-underline-position	Extension
-ms- word-break	CSS3	Working draft
-ms- word-wrap	CSS3	Working draft
-ms- writing-mode	CSS3	Editor's Draft
-ms- zoom	Extension

Developers understand that many sites will have to convert old values ​​to new ones, so old values, although they will be considered obsolete, will be supported in the eighth version for compatibility. When developing new code for IE 8, only new naming should be used.

Filter property

Changes affected such properties as filter. Previously, unfortunately, the filter syntax was not consistent with CSS 2.1. For example, in the specified code, commas were considered invalid.

filter: progid:DXImageTransform.Microsoft.Alpha(Opacity=80, FinishOpacity=70, Style=2);

In the new version of the browser, the filter syntax is adapted to the requirements of the CSS specification:

-ms-filter: «progid:DXImageTransform.Microsoft.Alpha(Opacity=80, FinishOpacity=70, Style=2)»;

It is easy to see that in the new syntax the value of the property is in quotes.

CSS 2.1 support

For a more complete implementation of CSS 2.1 added support for the following pseudo-classes:

• : active (instead of partial support, will be complete)
• : focus
• : lang ©
• @page: first
• @page: left
• @page: right

The last three are not available in beta2, but will be added to the final version. In addition, support has been added for the following pseudo-elements:

• : before
• after

The following elements will be supported in full instead of partial support or added:

• list-style-type
• background-position
• font-weight
• white-space
• word-spacing
• content
• counter-increment
• counter-reset
• quotes
• border-collapse
• border-spacing
• border-style
• caption-side
• empty-cells
• bottom
• display
• left
• right
• top
• z-index
• orphans
• page-break-inside
• widows
• outline
• outline-color
• outline-style
• outline-width
• box-sizing (CSS 3 element)

CSS functions

In addition to the existing support for the url () function, the eighth version will add support for two more functions counter () and attr ().

JavaScript and AJAX in IE8

To help programmers, the Internet Explorer development team has made significant changes and innovations in the JavaScript mechanism.

XDomainRequest (XDR)

XDR is a new object similar to XMLHttpRequest, but which is designed to exchange information through domains. The XDR syntax matches the W3C Access Control for Cross-Site Requests draft.

Cross document Messaging (XDM)

XDM is another technology that allows you to exchange text messages with frames from different domains that are located on the same page. This exchange occurs through the HTML postMessage method:

var testframe = document .getElementsByTagName( 'iframe' )[0];
testframe.contentWindow.postMessage( '!' );

In order to receive such a message, the document in the frame must register the handler of the “onmessage” message:

document .attachEvent( 'onmessage' , function (e) {
…
});

Dom storage

DOM Storage is a mechanism that allows you to store data on the client side without resorting to the cookie mechanism. Unlike cookies, DOM storage does not have a number of restrictions: the size of the stored data is significantly increased, DOM storage data is not sent to the server with each request, and you can control how the information stored in DOM storage will be visible in other windows.
Internet Explorer has three objects for working with DOM storage:

• window.sessionStorage - designed to store data for the lifetime of the browser tab, data is available from different pages while the context of the tab is in effect. Data is not restored if an exception occurred or the browser was closed;
• window.localStorage - designed for long-term data storage (about 10 MB) for each domain and subdomain, and domains and subdomains can receive data from each other, but the subdomains cannot receive data from another subdomain;
• Storage object - implements the logic for both sessionStorage and localStorage, contains the necessary methods, properties and events.

Below is a small example of how to work with DOM storage:

localStorage.setItem( "name" , "" );
…
var name = localStorage.getItem( "name" );

XMLHttpRequest

XMLHttpRequest received a new timeout property that allows you to set the number of milliseconds that the host will wait for a response, after which the ontimeout event will occur:

var xhr = new XMLHttpRequest();
xhr.timeout = 10000;
xhr.ontimeout = onTimeout;
…
function onTimeout ()
{
alert( "timeout!" );
}

New features

Internet Explorer 8 JavaScript has also added several features:

• ToStaticHTML — Formats the source string so that it replaces tagged strings with safe strings to prevent XSS attacks;
• toJSON, JSON.parse, JSON.stringify - used to work with a string containing json-data, lead object. The syntax of the function is based on ECMAScript 3.1.

Developer Tools tool. Javascript profiler

In the eighth version of Internet Explorer, to the joy of programmers, a tool has been added that can fight the widely used Firebug add-on for the Firefox browser. This tool is simply called Developer Tools and represents the following panel:

The panel contains the following tools and functions:

• inspection html-code pages;
• view and edit applied styles;
• selection of an element by hovering the mouse;
• built-in powerful JavaScript debugger;
• block scripts, css, pop-ups;
• display on the displayed page information about the Id and class of elements, links;
• highlighting of elements by type, by positioning and other parameters;
• manage images on the page, view information;
• built-in dynamic ruler;
• built-in color picker;
• references to validation.

In addition, this panel contains remarkable functionality - a JavaScript code profiler:

This tool makes it easy to track down bottlenecks in your javascript code and thereby improve website performance and page load speed.

Conclusion

In this article, I tried to consider the new features of Internet Explorer that it provides to the programmer. As it turned out, the new version of the browser carries a lot of changes, improvements, fixes and additions for developers of web-projects. At the time of this writing, the latest version of Internet Explorer 8 was beta2, but it’s already noticeable that Microsoft paid close attention to its browser and significantly improved it. For developers, it is important to be aware of trends in the web. Developing a new version of the popular browser is one of these trends. I hope that this material has helped the developers to increase their knowledge and be aware of some of the new features that the final version of Internet Explorer 8 will offer.