Browser news

Join members of the Internet Explorer team for an Expert Zone chat next Thursday, September 11th  at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team. Thank you to all who have attended the chats to date!

If you can’t join us online, all chat transcripts are published here.

Hope you can join us on Thursday for our first chat sine IE8 Beta 2 released!

Kristen Kibble
Program Manager

P.S. Upcoming IE chat dates are posted here.

edit: The chat is really in September. :)

Thats right, Opera 9.6 is soon ready for its first beta flight. We have now frozen all features and only critical fixes go in. Really soon now, the beta will be released, but we want more feedback from you guys before we do so.

Changelog

• Added Core version (currently "Presto/2.1.1") to the User-Agent header; all our products will include this feature soon
  
• Sites using HTTP Auth are now saved in typed history
  
• Added setting to prevent bookmarks from showing in the Address field auto-completion drop-down
  
• Properly stop loading pages with iframes when closing the page or pressing stop
  
• Fixed problem where dynamically added xml-stylesheet processing instructions were ignored
  
• Removed the document property from iframe objects for compatibility with Gecko, WebKit, and the Acid3 test
  
• Added support for the caller property on functions
  
• Fixed yet another case of having to press the back button twice
  
• Improvements to feed preview page
  
• Made feed preview page template location customizable
  
• Made reloading Speed Dial while offline actually reload all thumbnails
  
• Fixed Opera Link issue where notes could end up blank after being synced
  
• The Opera Link queue file is no longer created before using Link
  
• The fraud protection dialog now works when using a proxy
  
• Made it possible to remove Speed Dial search again by unchecking the "Use as default Speed Dial search"
  
• Fixed text input on Windows Tablet PC Edition 2005
  
• Fixed open/save of images in Opera Mail when using the image context menu
  
• Made all top-level access points (except All Messages) selectable
  
• Fixed a problem deleting drafts from the Drafts view
  
• UNIX: Additional fixes to flash plugin handling. Freezes when using flash should now be mostly gone.
  

Download
Windows
Windows Classic
Macintosh
UNIX

In March I wrote about the Developer Tools in Internet Explorer 8 Beta 1 and outlined three key benefits:

• Integrated and simple-to-use
• Provide a visual interface to the platform
• Enable fast experimentation

Internet Explorer 8 Beta 2 brings the Developer Tools closer to realizing the full potential of these benefits with significant improvements to existing features and new functionality meant to make you more productive.

Profiling and Debugging JScript

Beta 1 introduced a JScript debugger that lets you easily debug Jscript within Internet Explorer. In Beta 2, we’ve made a few great improvements: it now supports console.log, just-in-time debugging, and has better usability through changes like an improved file chooser.

However, the debugger only helps get your site working properly and you need to make sure your site works optimally. That’s why Beta 2 includes a built-in JScript profiler. Use it to build high-performance web applications in Internet Explorer by finding hotspots and comparing different design patterns. Simply press ‘Start Profiling’, perform you scenario, and press ‘Stop Profiling’ to view profile data for all JScript, including built-in methods.

Keep following the IEBlog for more details about these great features. You can also read our online documentation on script debugging and script profiling.

Working with HTML and CSS

While Beta 1 supported live editing of only HTML attributes, Beta 2 brings this functionality to all of HTML and CSS. With live editing of CSS, just click a property name, value, or selector, type a new value, and press ENTER.

If you need to change HTML tag names, reorder, or add/remove elements, use full-text editing. Press ‘Edit’ in the toolbar of the HTML tab to make the full HTML editable. Press it again to commit your changes and return to tree view. This uses innerHTML so the same rules about running script apply as if you made the changes through JScript with innerHTML.

Changes made in the tools last only until the page refreshes or you navigate away. While this lightweight editing is helpful, it also makes it easy to lose changes. Beta 2 lets you save the current HTML and CSS to a text file so you have a reference when updating your source. The data in the tools comes from Internet Explorer rather than your source and thus might contain changes beyond edits you made with the tools so the default file format is txt to prevent accidental overwrites of the original source. A good way to identify just your changes is to save the HTML from the page before and after your changes and use a tool like windiff.

Testing Compatibility

The Developer Tools have two menus for compatibility: “Browser Mode” and “Document Mode”. “Browser Mode” lets you modify how IE behaves as well as how it reports its version to servers and web sites.  This lets you use IE8 to test what your site looks like in IE7 and what your site looks like for users in IE8 who pressed “Compatibility View”. “Browser Mode” affects the user agent string, version vector used when evaluating conditional comments, and the rendering mode.

“Document Mode” lets you test what your site would look like if you changed its rendering mode by using a different doctype or the meta tag.

You’ll also notice that the menus always display the current mode so the information’s available with zero clicks.

Simple to Use

From the start, we’ve worked to make the tools user-friendly. We made them part of every IE8 installation so you didn’t have to install anything extra, built per-instance script debugging so you don’t constantly find yourself in the ‘Advanced’ tab of Internet Options, and worked to reduce the clicks needed for common tasks. In Beta 2, we’ve made a few important changes that should make the tools even better.

If you’re like me, you love using the keyboard. Beta 2 adds extensive keyboard shortcuts for frequently-used functionality and uses common keyboard conventions so you become comfortable with the tools quickly. For example, F12 opens the tools, CTRL+E puts focus in the search box, and F3 and SHIFT+F3 cycle through results. Check out the full keyboard reference to learn all the shortcuts.

Besides some polish to make the tools prettier (even devs appreciate a nice design touch here and there), toolbars within the tabs make access to common tasks fast, and syntax-highlighting throughout the tools makes everything easier to read.

You can pin the Developer Tools to the Internet Explorer window as you could with the Internet Explorer Developer Toolbar, but Beta 2 also lets you minimize in window. With the tools pinned, press the ‘Minimize’ button or CTRL+M to reduce the tools to only the menu bar to save screen space while retaining access to the menus and Browser and Document Modes.

Internet Explorer Developer Toolbar Features

As promised, we’ve included all the features you’re familiar with from the Internet Explorer Developer Toolbar, including the ‘Attributes’ list view and ‘Resize window’ functionality.

More Information

Keep watching this blog for more about the JScript tools and check out these articles for more information:

• Discovering the Internet Explorer 8 Developer Tools
• Developer Tools: Script Debugging Overview
• Internet Explorer 8 Developer Tools GUI Reference
• Developer Tools: Script Profiler Overview
• Developer Tools: Keyboard Shortcuts

John Hrvatin
Program Manager

edit: image resize; Console.log to console.log; search fox to search box

Now that Beta 2 has released, I want to provide a short update on some of the smaller security changes the team has recently made. I’ve also linked to a great article on the IE8 XSS Filter implementation written by the architect of that feature.

Restricting document.domain

The document.domain property initially returns the fully qualified domain name of the server from which a page is served. The property can be assigned to a domain suffix to allow sharing of pages across frames from different hostnames. For instance, two frames running at app1.example.com and app2.example.com can script against one another if both frames set their document.domain to their common example.com.  A frame may not set its domain property to a top-level-domain, nor to a different domain suffix. For instance, app1.example.com cannot set its domain property to .com or microsoft.com.  The HTML5 proposal formalizes the algorithm used to determine if a given domain property assignment is permitted, and it specifically requires that the assigned value is a suffix of the current value.

In Internet Explorer 7, the following set of calls would succeed:

// initial document.domain is app1.example.com
document.domain = "app1.example.com";  // 1. Domain property set to default value
document.domain = "example.com";        // 2. “Loosen” domain
document.domain = "app1.example.com";          // 3. “Tighten” domain

In Internet Explorer 8 and other browsers, the 3rd assignment will throw an exception, because app1.example.com is not a suffix of the then-current value, example.com.

Put simply, once you’ve loosened document.domain, you cannot tighten it.

Web Applications that need to interact with data from other domains may wish to consider using the postMessage() or XDomainRequest APIs rather than adjusting the document.domain property.

Restricting Frame-Targeting

HTML5 also specifies the circumstances in which one frame is permitted to use the targetname parameter of a window.open() call to navigate another named frame or window. 

The rules are meant to help prevent a window injection vulnerability. In a window injection attack, a malicious website in one browser frame attempts to “hijack” a frame or popup owned by a trusted webpage.

For instance, consider the scenario where http://contoso.com opens a popup window with the name helpPage.

window.open("helpTopic.htm", "helpPage", "height=200,width=400");

If another page at http://evil.example.com attempts to hijack this window, like so:

window.open("spoof.htm", "helpPage", "height=200,width=400");

…instead of navigating the helpPage window owned by Contoso.com, spoof.htm will instead open in a new browser window. While Internet Explorer 7 and 8 always show an address bar on every window, this new restriction makes window injection spoofs even less convincing.

MIME-Handling: Sniffing Opt-Out

As discussed in Part V of this blog series, Internet Explorer’s MIME-sniffing capabilities can lead to security problems for servers hosting untrusted content.  At that time, we announced a new Content-Type attribute (named “authoritative”) which could be used to disable MIME-sniffing for a particular HTTP response. 

Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header.  Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type.

For example, given the following HTTP-response:

HTTP/1.1 200 OK
Content-Length: 108
Date: Thu, 26 Jun 2008 22:06:28 GMT
Content-Type: text/plain;
X-Content-Type-Options: nosniff

<html>
<body bgcolor="#AA0000">
This page renders as HTML source code (text) in IE8.
</body>
</html>

In IE7, the text is interpreted as HTML:

In IE8, the page is rendered in plaintext:

Sites hosting untrusted content can use the X-Content-Type-Options: nosniff header to ensure that text/plain files are not sniffed to anything else.

XSS Attack Surface Reduction: CSS Expressions Disabled IE8 Standards Mode

Also known as “Dynamic Properties,” CSS expressions are a proprietary extension to CSS that carry a high performance cost.  CSS Expressions are also commonly used by attackers to evade server-side XSS Filters. 

As of Beta 2, CSS expressions are not supported in IE8 Standards Mode. They are still supported in IE7 Strict and Quirks mode for backward compatibility. While the IE8 XSS Filter can block attempts to reflect CSS Expressions as part of an XSS attack, blocking them in IE8 Standards Mode brings a performance benefit, improves standards-compliance, and acts as an attack surface reduction against script injection attacks.

Deep Dive on the IE8 XSS Filter

David Ross, architect of the IE8 XSS Filter has published a technical article on the architectural and implementation details of the XSS Filter over on the Secure Windows Initiative blog. If you’re interested in the nitty-gritty details of how the XSS Filter operates, please take a look.

Thanks for reading!

Eric Lawrence
Program Manager
Internet Explorer Security

Back in June, Dean Hachamovitch kicked off a series of blog posts explaining how the IE team approached the task of building a trustworthy browser. Trustworthiness is the foundation of Internet Explorer 8, and we’ve worked hard to deliver a product with improved security, reliability and privacy, while supporting these new features with responsible business practices that respect users’ choices.

Throughout a lengthy set of blog posts this summer, my colleagues and I have detailed the investments we’ve made in each of these key areas. This post serves as a summary for readers who would like to refer back to the posts we’ve made on this topic.

Trustworthy Browsing: Security

• Part I: DEP/NX Memory Protection details how Internet Explorer 8 will mitigate memory-related vulnerabilities by working with Windows and your processor to help prevent code from running in memory that was marked non-executable.
  
  
• Part II: ActiveX Improvements explains the important attack surface reduction changes we’ve made to add-ons for IE8, and provides references to help developers build more secure controls.
  
  
• Part III: The SmartScreen® Filter describes how we’ve built upon the success of the IE7 Phishing Filter to deliver reputation-based protection against malicious sites, including those that distribute malicious software.
  
  
• Part IV: The XSS Filter explains cross-site-scripting attacks and details how the new IE8 feature will help mitigate the most common vulnerability in software today.
  
  
• Part V: Comprehensive Protection describes how the Web Application Defenses, Local Browser Defenses, and Social Engineering defenses we’ve built for IE8 help provide comprehensive protection from malicious sites.
  
  
• Part VI: Beta 2 Update, coming to the IE Blog next week, will describe minor changes we’ve made to Beta 2 security features in response to customer feedback and to improve support for the current HTML5 draft proposal.

Trustworthy Browsing: Reliability

• IE8 and Loosely-Coupled-IE explains the architectural changes which have been made to Internet Explorer to help improve the performance, reliability, and scalability of the browser.
  
  
• IE8 and Reliability describes how LCIE enables the new IE8 Automatic Crash Recovery feature, designed get users back to browsing as quickly as possible after a crash.

Trustworthy Browsing: Privacy

• Privacy Beyond Blocking Cookies: Bringing Awareness to Third-Party Content discusses one aspect of privacy on the web: third-party content.
  
  
• IE8 and Privacy discusses new IE8 InPrivate™ features that give users more choice about controlling what information they keep and exchange.

Trustworthy Browsing: Business Practices

• IE8 and Trustworthy Browsing frames our overall approach in Security, Privacy, Reliability and Business Practices for IE8 in reference to Microsoft’s framework for Trustworthy Computing.
  
  
• Font Embedding on the Web describes our proposed standard for font embedding that supports the intellectual property rights of type designers.

Thank You!

This summer, we’ve done our best to keep you informed about the investments we’re making in Trustworthy Browsing for IE8 while working feverishly to deliver these improvements as soon as possible. Our blog community, chat participants, standards bodies, partners and even competitors have provided tons of great feedback on the work we’re doing, and Internet Explorer 8 will be a much better browser for it.

Thank you all—we hope you enjoy IE8.

Eric Lawrence
Program Manager
IE Security

Hey there, just a short post to let you know that new VPC images are ready for download. You can access them from the tools section on the Internet Explorer Developer Center, too. Thank you for your patience!

Kristen Kibble
Program Manager

We're making steady progress on Opera 9.6, fixing several of the issues reported within the last week. Please continue to test and report problems help us improve Opera. Thank you!

PS: Don't forget to wish Jon a Happy Birthday (that's "Gratulerer med dagen" in Norwegian). Five other employees had their birthdays today, too!

WARNING: These are development snapshots: they contain the latest changes, but they also have severe known issues, including crashes and data loss situations. In fact, they may not work at all.

Known Issues

• Some feed previews load continuously and Opera crashes when closing a tab in this state
  
• Some feed previews show as unstyled XML on initial load (reloading the tab fixes the problem)
  

Changelog

• Fixed problem synchronizing with Opera Link on Windows and Mac. If you still get this problem, exit Opera and delete the file called link_queue_myopera.dat in the "Opera directory" listed in opera:about, then try again.
  
• Fixed problem where follow/ignore missed some messages
  
• Remember bookmark panel position after restart
  
• When setting opera:config#TransferWindow|KeepEntriesDays to 0, actually remove transfer history when restarting
  
• Load feed previews even when JavaScript is disabled
  
• Don't show both GUID and LINK elements when viewing feed items in Opera Mail
  
• Fixed crash when subscribing to feeds while Opera Mail is disabled
  

Download
Windows
Windows Classic
Macintosh
UNIX

As Paul mentioned in Part 1 of this post, we’ve really focused on making your everyday browsing experience better. In addition to the useful changes he talked about, we’ve made IE8 even more useful with integrated services so that you can easily accomplish the common things you do on the web – search for a product, check the weather, map an address, and more)

In Beta 1, we showed how IE8 could be better with services with features like Accelerators and Web Slices (BTW, Accelerators are the same as the Beta 1 Activities with an updated name and icon). For Beta 2 we have even more features that help you use your favorite sites in new ways.  Check out these features as you explore the product!

Search Box Suggestions

New to IE8 beta 2 are Search (text) Suggestions and Visual Search Suggestions which are wired into the Search box. As you type in the Search box, the selected search provider can offer query suggestions and display search results right in place! Not only can the search provider provide text suggestions, they can include images as well. This way you can dynamically narrow down your search results quickly and get single-click access to the web page without having to leave the Search box. Also, check out our new Quick Pick menu which puts your search providers at your fingertips. 

To make it easier to take advantage of the enhanced Search box, we automatically update many of your existing search providers to versions that support suggestions. If you want more providers use the IE8 Gallery.

Accelerators

Copy-navigate-paste is old. Accelerators are services that you access directly from the webpage in the context of what you’re doing, letting you bookmark, define, email, map and more with a simple selection. Even your search providers are available as Accelerators. Some Accelerators provide previews so that you can view the result without having to leave the current webpage. Clicking on an Accelerator opens a new tab with the full result.

We’ve given you more control in IE8 beta 2 by adding custom categories to an Accelerator so that you can control how your Accelerators are organized. Just select an Accelerator from the Manage Add-ons dialog.

Find out if your favorite site has an Accelerator available from the IE8 Gallery.

Web Slices

As we showed in Beta 1, Web Slices give you updates directly from the Favorites bar, helping you keep track of your important information. A Web Slice is a subscription to part of a web page; when an update is available, IE8 bolds the title of the Web Slice so you know there’s something new to see. I have several Web Slices that make it easy to keep track of my favorites – the weather, friend updates on Facebook, popular links from Digg, and current auction items on eBay. When there’s something new to see, you can preview the update and click through to the full web page for more details. We’ve also added a refresh button from the preview for Beta 2 so that you can get the latest content without having to navigate.

When a site supports Web Slices a Web Slice icon appears in the command bar. Try out Web Slices with eBay, Digg, Live Search (type in your city + weather like “Seattle weather”), and more from the IE8 Gallery.

Feeds on the Favorites bar

In IE7 we added feed reading to the browser. For the IE8 Beta 2 release, we’ve made it even easier to reach your feeds by allowing them to be added to the Favorites bar. You’ll get updates just like you did before where unread headlines are marked in bold. Selecting a headline opens the full web page.

Feeds are available for most websites today – select the feed icon in the command bar and use the new add button on the Favorites bar.

Suggested Sites

It’s easy to get stuck in a bit of a rut, browsing the same sites all the time. In IE8 we make it easier to find sites you might like. Once you turn on Suggested Sites, IE looks at what sites you visit and then offers recommendations of other similar or related sites, right from the Favorites Bar.

If you don’t have Suggested Sites on already, try it out by going to the Favorites Center and clicking on the “Turn on Suggested Sites” button at the bottom of the menu. 

These features give you quick access to your services without having to leave the current webpage, making it faster and easier to browse the web.  We’ll be blogging about the details of these features as well as how sites can enable these services in the next few weeks, so stay tuned!

In the meantime, we hope you try out Beta 2 and check out the IE8 Gallery to customize your browser with the services you use all of the time.

Enjoy!

Jane Kim
Program Manager

Hi, my name is Paul Cutsinger and I’m the Lead Program Manager for the IE8 User Experience.

As Dean mentioned in his beta 2 announcement post, for IE8 we focused on improving people’s everyday browsing experience – what they do all the time. We looked closely at what people do and how they do it to design ways to make their browsing even better. For all of the top usage patterns, we looked for ways to reduce steps, introduce new capabilities, and improve on how people actually browse. 

In this post, I’ll discuss a small sampling of IE8’s new features that make everyday browsing faster and easier. Future posts will cover each of these, and other, features in more depth.

Smart Address Bar

Based on our observations of IE7 and IE8 Beta 1 usage, we learned that roughly 80% of the time people’s destination on the web is a previously visited site. In the past, people would use their Favorites or History, or they’d just go through all the steps to navigate to the website again.

The Smart Address Bar enables you to find Favorites and sites in your history by just typing a few letters. That’s much fewer steps than using the Favorites and History center. We also added the capability to search the title, web address and even folders for those who have organized their favorites. This means that you’ll find sites even if type something other than just the first part of the web address. To make it easier to find what you’re looking for, we group the results and highlight the matched text.

Favorites Bar

One click access is ideal for the sites and information you want frequently and you can use the Favorites Bar to do this. You can now add favorites, feeds, Web Slices and folders to the Favorites Bar for one click access. It’s also one click to add a favorite to the Favorites Bar.

Many people make a habit of checking back on certain sites like email, auctions, news and blogs many times a day. Well, it’s great that these can be just one click from the Favorites Bar but, it’s really only interesting to see these pages when they’ve changed. So, feeds and Web Slices will turn bold, like an unread email, when there’s something new to see. Now you’ll know that there will be something interesting even before you click.

New Tab Page

When people open a new tab, they’re about to go to a website. So, we looked for ways to make that as fast and easy as possible. They could use the address bar or the Favorites Bar. They could also use the Search Box with its Visual Search suggestions new to Beta 2. Those are all great ways to go to a website. While studying usage patterns, we found a few other opportunities to refine the experience even more. Now, from the new tab page, you can immediately start common navigation tasks like reopening a closed tab or starting an InPrivate Browsing session.

All of these come together to help you get to the websites you want with the fewest possible steps and without needing to hunt through the menus to figure out how.

Tab Grouping

We’re seeing an emerging tab trend where people open several pages so they can read them later. For example, they might be reading a news article or blog and then they open some of the links in new tabs as they go so they can finish reading and easily come back when they’re done to read the related pages.

We love tab browsing, but it’s easy to get confused where all the tabs came from. IE8 opens keeps these pages grouped together and color codes them. As you close tabs in a group, IE takes you to the next one in the group; similarly, if you open more tabs from the first site, IE appends them to the group rather than adding them to the end of all the tabs. With this, it’s easy to read and use all the related pages together. We’ll be blogging in more detail about this feature (and others) over the next few days.

Find on Page

We’d heard from many, many users that the Find dialog in IE6 and IE7 was always getting in the way, making it hard to actually find content on the page. So, we’ve added a Find bar at the top of the page (finally!) that lets you more easily find content on the page.

This is an example of how we’ve simplified experiences to remove subtle but significant extra user effort.

Faster and Easier throughout the product

As you use the beta and read the deeper feature blog posts, you’ll see more examples of how we made browsing easier like how we highlight the domain in the address bar for quick visual scanning. You’ll also see how we made browsing even better with service connected features like Visual Search, Accelerators, and Web Slices in part 2 of this post.

I hope you’ll enjoy how much faster and easier browsing is with IE8. I look forward to hearing your feedback on the beta.

Paul Cutsinger
Lead Program Manager

We’re excited to release IE8 Beta 2 today for public download. You can find it at http://www.microsoft.com/ie8. Please try it out!

You’ll find versions for 32- and 64-bit editions of Windows Vista, Windows XP, Windows Server 2003, and Windows Server 2008. In addition to English, IE8 Beta 2 is available in Japanese, Chinese (Simplified), and German. Additional languages will be available soon.

While Beta 1 was for developers, we think that anyone who browses or works on the web will enjoy IE8 Beta 2. Before the team blogs about our Beta 2 in detail, here’s an overview of what you’ll find in IE8.

We focused our work around three themes: everyday browsing (the things that real people do all the time), safety (the term most people use for what we’ve called ‘trustworthy’ in previous posts), and the platform (the focus of Beta 1, how developers around the world will build the next billion web pages and the next waves of great services).

Everyday Browsing

We looked very hard at how people really browse the web. We looked at a lot of data about how people browse and tried a lot of different designs in front of many kinds of people, not just technologists. As tempting as it is to list here all the changes both big and small in IE8, we’ll take a more holistic approach. That’s how we built the product and how we’d like to talk about it.

From our customer research, we saw that the bulk of user activity outside of web pages involved tabs and “navigation” – the act of getting to the site the user wants to get to. We also knew that adding features has an impact only if they’re “in the flow” of how people actually use the product. Another menu item might matter in a checklist on a blog somewhere, but won’t matter to real people browsing. That’s why IE8’s New Tab experience is so remarkable: it’s obvious – after you see it:

IE8 makes bringing back tabs (and entire IE sessions) users have closed a lot easier; it’s in the natural flow of how users work. IE8 also takes into account that there are often relationships between new tabs that users open, and the browser can make it a lot easier to figure out which tabs go with which. Below, the tabs that came from the links in the search results page are grouped together and colored differently from the headlines the user followed off another page, which are different from links the user followed off other pages:

Navigation – or getting to where you want to – is a lot faster and easier too. Typing in the Smart Address Bar not only searches across Favorites, History, and RSS feeds, but provides a great experience:

We put a lot of different designs in front of users in order to find one that was this effective. It’s easy to scan, with the different sections marked off and one line for each item, and the highlighting is easy on the eye. Deleting typos (or other unwanted suggestions) from this list is also easy – notice the red "x" above appears when a user places his mouse over an item.

Beyond tabs and navigation, people use services all the time. When you have an address but want a map, or want to just select some text and make a blog post out of it, IE8’s Accelerators (formerly known as ‘Activities’) are handy. For Beta 2, we’ve worked with a lot of great partners to deliver a bunch of choices for users. They’re much faster and easier than the “select, copy, new tab, navigate, paste, repeat” process in today’s other browsers.  We think users will enjoy the consistent experience they’ll get from service to service, and appreciate being in complete control of which are installed and are the default. We hope that websites (and enthusiasts!) write more of them and give us feedback. Staying up to date with the latest information is a lot easier with Web Slices, that put information directly in your Favorites bar where you can get at it quickly.

This is a good moment to talk about performance. We think about two kinds of performance: real world and lab. In a lab, we measure performance in milliseconds. That’s important work, and we did a lot of it since Beta 1. You’ll find IE8 is a lot faster than IE7 on many sites. We can go through and detail, for example, exactly which Gmail operations are faster in IE8 than other browsers and vice versa.

Real world performance is about how people get their tasks done, and that’s something you don’t measure in milliseconds. We think you’ll enjoy the impact of IE8’s new tabs, Smart Address Bar, Favorites bar, Search box, Accelerators, and Web Slices on your daily browsing.

Visual Search in IE8 speaks for itself. Websites can offer rich search results as you type in the Search box:

After installing IE8, try out Visual Search from the New York Times, Wikipedia, Amazon, or eBay. (Many other sites offer regular text suggestions as well.)

Safety

Safety isn’t about technologies and features, but two words: in control. We think users should be in control… of their settings, their information, what code runs on their machine, of their browser overall.

Previous posts have described what you’ll find in IE8 Beta 2 with respect to the SmartScreen Filter and protection from phishing and malware as well as many other defenses. The XSS Filter is particularly exciting because it offers real people a real defense from a real threat, by default and out of the box. We’ve blogged about InPrivate previously as well. Taken together, these features do a great job putting the user in control of their information.

The reliability improvements in IE8 Beta 2 are big. Crash recovery is nice, but not crashing is even better. Because in IE8 Loosely-Coupled IE (LCIE) separates the frame (the address bar, back button, etc.) from the tabs, and the tabs (mostly) from each other, crashes are more contained and affect fewer tabs than before. We think users will also appreciate having close boxes on all their toolbars so that disabling ones they don’t want – while leaving the ones they do – is easier.

Platform

IE8 is more interoperable with other web browsers and web standards. The contribution of CSS 2.1 test cases to the W3C is an important in order to really establish a standard way to assess standards support. We think that CSS 2.1 remains the most important place to deliver excellent interoperability between browsers. We think developers will enjoy the improvements to the built-in tools, as well as the other opportunities to integrate their sites in the user’s daily life with Accelerators and Web Slices. You can find more information at the IE Development Center, http://msdn.microsoft.com/ie.

After deciding to default IE8 to the most standards-compliant mode available, we wanted to be sure to address compatibility concerns for organizations and individuals. Would websites that expect IE8 to behave the way IE7 does create a problem for end-users? Since March, we’ve been telling developers about a small change they can make to their sites to tell IE8 to show their sites as IE7 does. Many have – but there are a lot of sites that may have not yet addressed this. The Compatibility View button (new to IE8 Beta 2) is a good solution to provide end-users a good experience as the web transitions.

Some Important Details

Anyone interested in customizing and redistributing IE8 (the way others have IE7) can find information about the IEAK here. (We’ll have a more detailed post about IEAK and group policy soon.) One important aspect of a beta release is getting feedback; we’re using the same channels as described in this Beta 1 post (for example, this IE Beta newsgroup).

Read more about guidelines for upgrading to IE8 Beta 2 today. Also, If you are currently using IE8 Beta 1 on Windows XP or Windows Server 2003 with Automatic Updates turned on, you will receive IE8 Beta 2 through Windows Update.

Download IE8 Beta 2, use it – the browser itself, the developer tools, writing an Accelerator, marking part of your page as a Web Slice – and let us know what you think. 

Thank you,

Dean Hachamovitch
General Manager

At the start of the Internet Explorer 8 project we made a commitment to great website compatibility. It’s worth noting that this commitment hasn’t changed, even given the short-term impact of our announcement to better align with Microsoft’s interoperability principles. In other words, compatibility has been and continues to be a very important part of the Internet Explorer 8 feature set.

With Beta 2 we’re announcing a brand new feature known as Compatibility View. In a nutshell, Compatibility View allows content designed for older web browsers to still work well in Internet Explorer 8.

Compatibility View and End Users

When a web site says that it supports modern web standards, Internet Explorer 8 respects that and displays the site using its most standards compliant mechanism. In the majority of cases, this works out just fine. However, every once in a while, a page that says “display me using modern standards” really means “display me like Internet Explorer 7 used to display modern standards pages”. This is where Compatibility View comes in.

There are a bunch of changes under the hood, but the main points to know are –

• Sites on the public internet still display in IE8 Standards Mode by default.
• Switching in and out of Compatibility View (between IE7 and IE8 modes) happens on the fly without a browser restart.
• Compatibility View is domain specific.

A new UI button located in the navigation bar just to the right of the address bar (next to the refresh button) controls the Compatibility View feature and replaces the Emulate IE7 button from Beta 1.

IE only displays this button when toggling into Compatibility View makes sense, such as when viewing Standards mode pages. In all other cases, such as when viewing Quirks mode pages or viewing intranet sites (they’re already being displayed in Compatibility View as discussed later in this post), IE hides the button.

Depending on the speed of your machine, you may see the page refresh when the Compatibility View button is selected. In any case, a balloon tip lets you know that the site is now running in Compatibility View. Additionally, the Compatibility View icon shows a “pressed” state so that you can know what view you’re running in after the balloon tip disappears.

The "scope" of emulation is limited to the domain you are viewing when you press the button, not some other mechanism like the life of the process or the tab. And, Internet Explorer remembers your preference by storing the domain in a client-side list so that the next time you visit the site you don't have to press the button again.

Compatibility View and the Enterprise

A large number of line-of-business websites are Internet Explorer 7 capable today. In order to preserve compatibility, Internet Explorer 8 ships with smart defaults based on zone evaluation. In the default state, all sites on the public internet display in Internet Explorer 8 Standards mode (Compatibility View off) and all intranet websites display in Internet Explorer 7 Standards mode (Compatibility View on).

Let’s look at some examples.

If you navigate to sites on the Internet like www.msn.com and www.live.com, Compatibility View is off by default. Internet Explorer 8 identifies itself with a User Agent string of ‘8’, Version Vector of ‘8’ and displays webpages that trigger standards mode in Internet Explorer 8 Standards mode. The same is also true if you navigate by IP address, such as http://192.168.0.1. As Internet Explorer can’t tell offhand whether the IP address is internal or external, it assumes the latter. Use Compatibility View to fix problems with websites in this category just like you used to use the Emulate IE7 button.

If you navigate to sites on your local intranet like http://myPortal and http://sharepoint/sites/mySite, Internet Explorer 8 identifies itself with a User Agent string of ‘7’, Version Vector of ‘7’, and displays webpages that trigger standards mode in Internet Explorer 7 Standards mode. This combination allows webpages that worked correctly in Internet Explorer 7 to continue to do so in IE8.

Just for completeness, it’s also worth noting that local pages such as ‘C:\Temp\MyWebPage.htm’ display in Internet Explorer 8 mode (Compatibility View off) by default.

A new entry in the ‘Tools’ menu allows for advanced configuration of the feature.

You can configure all intranet sites to display in Internet Explorer 8 mode. You can also configure policy such that every site is viewed in Internet Explorer 7 Compatibility View (identical to the behavior from Internet Explorer 8 Beta 1 when the Emulate IE7 button was pressed). Lastly, you can pre-populate a list of sites that should always be viewed in Compatibility View and / or edit the current entries that are populated via Compatibility View button press. This is especially handy if you encounter a Quirks mode site that is blocking Internet Explorer 8 due to incorrect User Agent String detection – you can add the site in question to the compatibility list and be on your way.

The entire feature is Group Policy enabled, giving you the most granular level control over the various knobs and switches. Most settings can also be configured using the IEAK.

Compatibility View and Web Developers

If you develop pages according to modern web standards and use the DOCTYPE directive to indicate layout mode, Internet Explorer behaves just as you would expect – Quirks DOCTYPEs map to Quirks mode and Standards DOCTYPEs map to IE8 Standards mode. And, just as in Beta 1, you can opt-out of IE8 Standards mode via <META> tag / HTTP header.

The best way to ensure users have a great experience with your website, and thus don’t have to use the Compatibility View feature at all, is to test your site using Internet Explorer 8 and update it as necessary. In the event that a user selects Compatibility View for your site, you can “bring them back” to your desired layout mode via use of the version targeting <META> tag / HTTP header. A new content value, ‘IE=EmulateIE8’, rounds out the list of supported values and assists in this particular scenario.

Content Value

Details

IE=EmulateIE8

Display Standards DOCTYPEs in IE8 Standards mode; Display Quirks DOCTYPEs in Quirks mode. Use this tag to override compatibility view on client machines and force Standards to IE8 Standards.

The presence of the <META> tag / header serves as an indication that the site has been updated to support IE8 and its value “wins” over whatever mode Compatibility View on the client would have resulted in. The presence of the tag / header also has some other side effects. For one, it triggers clean-up of the user list entry, ensuring that long-term the client’s user list gets pruned and you don’t have to keep the <META> tag / header in place forever. (BTW, the user list also gets pruned when you choose to delete browser history). For another, presence of the tag / header causes the top-level command bar icon for Compatibility View to not be displayed, effectively preventing most users from adding your site to the Compatibility View list.

A new tag in the User Agent string allows for detection of clients viewing your site in Compatibility View. This tag is also present in the “normal” Internet Explorer 8 User Agent string.

• Compatibility View:
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; SLCC1; Media Center PC 5.0; .NET CLR 3.5.21022)
  
  
• Updated IE8 UA String:
  User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; Media Center PC 5.0; .NET CLR 3.5.21022)

Finally, an update to the Developer Toolbar completes the feature set. The new ‘Browser Mode’ menu lets you modify how Internet Explorer behaves as well as how it reports its version to servers and websites. This lets you use Internet Explorer 8 to see what your site looks like in IE8 (the default), what your site looks like in IE7, and what your site looks like for users in IE8 who are running in Compatibility View.

The ‘Document Mode’ menu continues to exist independently of ‘Browser Mode’ to let you see what your site would look like if you changed the layout mode by using a different DOCTYPE or the <META> tag.

Summary

We hope you find the new Compatibility View feature a noticeable improvement over the Emulate IE7 button experience.

If you encounter problems with a specific website that Compatibility View doesn’t resolve, we’d like to know about it. The Report a Webpage Problem tool will help you submit a report.

Scott Dickens
Lead Program Manager

edit: updated ALT text for images

I am here to tell you how to upgrade to IE8 Beta 2. IE8 Beta 2 system requirements are the same as IE8 Beta 1 and it’s currently available in English, Chinese Simplified, German and Japanese. Stay tuned for more localized IE8 Beta 2 versions to be available shortly.

Windows XP or Windows Server 2003 Getting Ready

Before you start IE8 Beta 2 installation, there are a couple of things to keep in mind:

• Uninstalling IE8 Beta 1

If you have Internet Explorer 8 Beta 1 installed, the  IE8 installer will automatically uninstall any earlier versions and then install the latest version of IE8 Beta2 for you. You will be prompted to reboot twice. The first reboot is to remove IE8 Beta 1 from your machine and the second one to complete the IE8 Beta 2 installation. When you launch Internet Explorer, you can open the Help->About Internet Explorer dialog to see the version number 8.0.6001.18241.

• Getting required updates for IE8 Beta 2

There is 1 update required when running IE8 Beta 2 on multi-core XPSP2 x86 computers:

Knowledge Base Article 932823 or Knowledge Base Article 946501 - This update resolves a problem in which an access violation occurs when an application exists on a Windows XP SP2-based multi-core computer. It will be installed automatically if you select “Install the latest updates” option in Setup Wizard.

Windows XP Service Pack 3(SP3) users only

The only time we encourage you to manually uninstall Internet Explorer 8 Beta 1 prior to upgrading to IE8 Beta 2 for Windows XP users is if you happened to install Windows XP SP3 after installing IE8 Beta 1.

To see if you need to manually uninstall IE8 Beta 1, check these things:

• Is your computer running Windows XP SP3?

Click on the Start Menu and then right click on My Computer and then click Properties

On the General Tab under System it’ll say Microsoft Windows XP Service Pack 3

• Is the  remove option for IE8 Beta1 grayed out?

From the Start menu, open Control Panel and click Add or Remove Programs

Select Windows Internet Explorer 8 Beta 1 and you are unable to click on the Remove button.

If you answered yes to both questions, you will be able to install Internet Explorer 8 Beta2, but once installed, you will not be able to uninstall either IE8 or Windows XP SP3 later. The Setup Wizard will warn you prior to installation:

If you chose to continue, Windows XP SP3 and IE8 Beta2 will become permanent. You will still be able to upgrade to later IE8 builds as they become available, but you won’t be able to uninstall them.

To avoid getting into this situation, we strongly encourage you to follow these steps before installing Internet Explorer Beta 2:

1. Uninstall Windows XP SP3
2. Uninstall IE8 Beta1
3. Re- install Windows XP SP3
4. Install IE8 Beta2

See my earlier blog post on Internet Explorer and Windows XP SP3 for more information.

Windows Update

Internet Explorer Beta 2 will be offered to those Windows XP and Windows Server 2003 systems that have IE8 Beta 1 installed and have Automatic Updates turned on. A prompt in your Windows task bar will alert you when IE8 Beta 2 is ready for installation. The language version of IE8 Beta 2 offered is based on the your Windows Operating System Language version. For example, if your computer is running a Chinese Simplified or German version of Windows, you will be offered IE8 Beta 2 in Chinese Simplified or German respectively. For any other Windows languages, Internet Explorer 8 will be offered to you in English. Again, this only applies to those systems that have IE8 Beta 1 installed.

Localized Versions

When installing localized versions of Internet Explorer 8 Beta 2 on XP or Windows Server 2003 please remember that the base language of the operating system must match the IE8 language you are trying to install; otherwise the Setup Wizard will display an error.

More information about installing localized versions of IE8 Beta 2 can be found in the release notes.

Uninstalling IE8 Beta 2

1. From the Start menu, open Control Panel and click Add or Remove Programs
2. Click Windows Internet Explorer 8 Beta 2 and then click Remove.
3. Your computer will be reverted to Internet Explorer 6 + previous IE6 security updates or Internet Explorer 7 + previous IE7 security updates depending on what you had before the upgrade.
4. You can confirm that by clicking Help, then About Internet Explorer next time you launch Internet Explorer.
5. Be sure to check for any new security updates.

Windows Vista or Windows Server 2008 Getting ready

Before you start installing Internet Explorer 8 beta2, there are a couple of things you need to do to prepare your computer:

• Uninstall Internet Explorer 8 Beta1

You need to manually uninstall earlier builds of IE8 before installing IE8 Beta 2.

• Open Control Panel and click Programs.
• Click Programs and Features, and click View installed updates.
• Wait for the full list to be populated and then select Windows Internet Explorer 8.
• Click Uninstall this update.

After uninstall is complete, restart the computer. Your computer will be reverted to Internet Explorer 7 + previous IE7 security updates.

• Getting required updates for IE8 Beta 2

Knowledge Base Article 937287 - This update helps improve reliability and performance when you install or remove Internet Explorer 8 and future individual updates from Microsoft. Without this update, IE8 setup will be blocked: “Setup cannot continue because one or more updates required to install Windows Internet Explorer 8 are not present.”

Knowledge Base Article 943302 – This update addresses known application compatibility issues in Windows Vista. It will be installed automatically if you select “Install the latest updates” option in the Setup Wizard.

Knowledge Base Article 957055 – This update addresses a known compatibility issue between RealNetworks RealPlayer 11 and Window Vista Service Pack 1. It will be installed automatically if you select “Install the latest updates” option in the Setup Wizard.

You are now ready to install IE8 Beta 2. After IE8 Beta 2 installation is complete, the final screen of the Install Wizard indicates that Internet Explorer installation completed successfully.

After you restart your computer and launch Internet Explorer, you can open the Help->About Internet Explorer dialog to see the version number 8.0.6001.18241.

Localized versions

In Windows Vista and Windows Server 2008, we significantly improved the installation experience for localized versions of Internet Explorer 8 beta 2. Unlike Windows XP and Windows Server 2003, the base language of Windows does not need to match the Internet Explorer 8 language version in order for a successful install. When your user active language matches the Internet Explorer 8 language you installed, then IE8 will appear in the desired language. You will still be able to use IE8 in all other scenarios, but it will appear in English as a fall back version.

More information about installing localized versions of IE8 Beta2 can be found in the release notes.

Uninstalling IE8 Beta 2

1. From the Start menu, open Control Panel and click Programs
2. Click Programs and Features and click View Installed Updates (located in the left side menu)
   Note: The complete list of installed updates takes a moment to update.
3. Select Windows Internet Explorer 8 and Uninstall
4. Your machine will be reverted to IE7 + previous IE7 security updates
5. You can confirm that by clicking Help, then clicking About Internet Explorer next time you launch Internet Explorer.
6. Be sure to check for any new security updates.

What do I do when I run into issues installing IE8?

Check out the knowledge base article on Troubleshooting IE8 installation. If after trying the recommended workarounds you still can’t install IE8, go to the IE Beta Newsgroup to see if there are any known solutions available. Microsoft MVPs and IE Team members are monitoring this newsgroup and they will help address your issues.

Thank you,

Jane Maliouta
Program Manager

Edit: Updated KB957055 link; added note to uninstall steps for Vista

Hi! I’m Christian Stockwell, and I’m helping to improve Internet Explorer performance.

In the past few months, each of the browser makers has made very similar claims around their performance: “Superior speed and performance”, “The fastest and most powerful Web browser available”, and “The fastest web browser on any platform.” In some fundamental way, I think the likeness of these statements is a by-product of the complexity inherent in performance measurement and analysis.

Rather than join the chorus and trumpet IE as the fastest browser in the universe, this post is my attempt to demystify the performance work that is being delivered as part of IE8 so that you can understand how we are making you more productive.

Best of all, you don’t need to take my word for it. As Dean mentioned back at MIX08, Google has commented on our IE8 Beta 1 improvements (emphasis mine), and we’ve made IE8 even faster since then:

“Some of the tests we have done show pure JScript performance improvements up to 2.5 times. We also measured the performance gains on common Gmail operations, like loading the inbox (34%), opening a conversation (45%) and opening a thread (27%) compared to IE7.”

Before I delve too far into the body of this post I am going to first take a step back to explain how the IE team thinks about performance. I will then discuss some of the performance work that has gone into IE8 and how it will make IE8 a better browser for user and developers. Lastly, I will touch on some of the great IE8 features that give web developers the right tools they need to be more productive and to build the next generation of great sites.

The Big Picture: Performance and Productivity

“Every language has an optimization operator. In C++ that operator is ‘//’”

- Overheard at the O’Reilly’s Velocity Conference, June 2008

To describe the effort we are undertaking with IE8 we first need to take a step back to consider the relationship between performance and productivity. Most importantly, recognize that browser performance is a means to an end. The end goal is to build a platform that makes users and developers more productive. If we ignore that target the task of building a fast product is suddenly much easier: do precisely nothing.

For IE8, the recognition that users want to accomplish a set of actions when they browse the web has manifested itself in many of the features we have disclosed to date in IE8. A clear example that improves user productivity is Web Slices. Consider, for example, how Web Slices delegate the browser to check for updated content on behalf of users.

Both of these features present new productivity options for both users and developers. For users, the benefit of having common actions distilled into two quick button presses is obvious. Developers, for their part, can consider the benefits of quickly introducing new lightweight Web Slices instead of investing hundreds of developer hours tuning site loading speed for the hordes of users compulsively refreshing their pages in the pursuit of updates.

Beyond these two manifestations of our focus on productivity, IE8 includes many key improvements. In the first section below I describe in greater detail the work we’ve done to date to improve your productivity. The last section of this article discusses some of the great developer features we’ve built that will give site developers the right foundation they need to efficiently build faster sites in Internet Explorer.

Great Performance: How to build a faster browser

As we started planning what we wanted to accomplish with IE8, we made a conscious decision to improve how people use Internet Explorer to browse the web. Broadly stated, some of the areas we pinpointed for improvement include browser startup, navigation, and user interactions (including AJAX-style interactions within a webpage).

Part of that focus has translated into our investment into new features like Web Slices, because in some cases the fastest browser is the one that does not need to load a webpage at all. Beyond these efforts, we have also concentrated on improving IE as a web platform.

When we took a hard look at our goals and considered what we could do to build the best browser we were presented with a quandary. On the one hand, we could focus very narrowly on scripting performance, trusting that our investment would noticeably improve our users’ browsing experience. Alternatively, we could invest more broadly in realistic scenarios, measuring heavily-used subsystems and investing our optimization effort accordingly. We opted for the latter approach.

After some analysis, what we found was that investing the entirety of our effort on improving JScript would not substantially improve our users’ browsing experience in most cases. For a sample of the type of data we used in our analysis, I’ve included below a breakdown of the CPU cycles consumed by some of our key subsystems when navigating to the top 100 sites in IE8 Beta 1:

Layout Rendering HTML Parsing Marshalling CSS Formatting DOM JScript Other 43.16% 27.25% 2.81% 7.34%  8.66% 5.05% 3.23% 2.49%

Notice that when navigating to the top 100 sites the systems exercised in typical JScript/DOM benchmarks (e.g. SunSpider) account for less than 10% of the total time. Furthermore, we analyzed several common AJAX applications and performed similar analyses, with similarly surprising results:

Layout Rendering HTML Parsing Marshalling CSS Formatting DOM JScript Other 8.87% 8.68% 1.48% 7.40% 36.72% 11.72% 13.59% 11.54%

Even on a typical AJAX site (these numbers are for a leading webmail sites) it is telling that the JScript and DOM subsystems contribute less than a third of the total time.

Based on this data and other analyses we performed it was clear that to significantly improve browsing in IE8 we needed to make improvements to several areas of our code beyond JScript. In addition to discussing our improvements to the JScript engine I cover three of those areas below.

Performance benchmarking suites like SunSpider are still an important part of how we analyze our progress. They are a certainly valuable as a means to measure progress and to analyze some aspects of browsing performance in a laboratory environment. They are most useful when we understand how they fit into the larger scenarios we are trying to improve.

In particular, our analysis of IE subsystems has helped us understand where improvements to benchmarks translate into improvements to overall browsing speed. Ultimately though, performance benchmarking suites do not provide complete coverage for browsing performance and how well they represent your particular browsing habits may vary.

Scripting Improvements

As part of our broader effort to improve performance in IE8, we did make large investments in JScript performance to make pages faster and to help developers be more productive.

The JScript engine included with IE8 speeds up many common user scenarios. We have made huge improvements to widely-used JScript functionality including faster string, array, and lookup operations. We have also made changes to our core architecture to drastically reduce the cost of functions calls, object creation, and lookup patterns for variables scoped to the window or this objects.

Some of those improvements have been driven by existing bottlenecks in our code. Two longstanding developer pain points, String and Array operations, are in some cases now faster by several orders of magnitude compared to their previous incarnations. These improvements mean that developers no longer need to expend time and effort developing arcane workarounds to avoid slow areas of IE’s JScript implementation (no more array push-joins to avoid string concatenation!). Moreover, these changes have contributed to improve IE8’s performance on the SunSpider benchmarking suite by 400% compared to IE7.

Since most users do not use their browser solely to run JScript benchmarking suites, what’s even more important is that we’ve made many sites measurably faster. Our work to improve IE’s JScript engine has been instrumental in earning us positive feedback like that from Google.

Memory Management Improvements

The second area in which we are invested heavily in IE8 is in improvements to our memory usage. To date we have fixed just under 400 separate memory leaks in Internet Explorer. We have also worked hard to improve our heap fragmentation and memory usage on AJAX pages. For users, these changes reduce the amount of memory consumed by IE, improve our startup times, speed up navigating between pages, and help IE remain stable for longer periods of time. Besides these great benefits to end users, our work in this area should take a significant burden off of developers.

Specifically, we have worked hard to mitigate some common causes of leaks between our JScript and DOM. In previous versions of IE the JScript garbage collector (GC) managed the lifetime of JScript objects but not that of DOM objects. As a result the GC was unable to break circular references between DOM and JScript objects, resulting in memory leaks unless site authors took it upon themselves to carefully manage their memory footprint. In complex AJAX sites this is a daunting task and can easily consume lots of developer time.

In IE7 we made some improvements to this area by breaking those circular references when users navigate away from leaking pages. That mitigation, however, is not a long term solution for the complex interactive pages that users expect today.

With IE8 we have significantly augmented the garbage collector so that it can break many circular references over the lifetime of a site, reducing the burden on developers. Due to that work developers can spend more of their time focusing on building world class user websites and less on the minutiae of memory management.

Networking Improvements

As we started building IE8 it was clear that we could do more to take advantage of the increasing prevalence of high bandwidth connections. Two key improvements we made with IE8 were to unblock downloads in the presence of external scripts and to increase the number of parallel connections per server that we support.

Early in the inception of IE8 we recognized that blocking on external scripts was suboptimal given the modern reality of relatively inexpensive CPU cycles and the important role network latency plays in the performance of many websites. When IE8 encounters an external script we continue parsing on a second thread to ensure that we continue downloading page elements as fast as possible. In many cases that change will users’ favorite pages will download faster and developer will no longer need to spend time ensuring that scripts do not serialize their downloads.

In IE8 Beta 1 we also increased our per-server connection limit from 2 to 6. What this means is that in IE7 and below pages could only download 2 elements from a given server at any one time. Increasing that limit to 6 allows sites to download 3 times as much content in parallel, which should translate into faster page download times when bandwidth is available.

Rendering Engine Improvements

The last large area of I am going to cover in this post are the improvements we have made to layout and rendering in our new standards mode engine.

For those of you following IE8’s development, it should come as no surprise that we are building a new CSS 2.1 compliant rendering engine. As you may have guessed from the subsystem data I presented earlier in this post, we have also recognized that rendering and layout performance is a large component of overall browsing speed.

To ensure that developers and users are more productive in IE8, it is therefore clear that we need to deliver a great engine that does not introduce any performance penalty vis-à-vis the browser as it exists today.

In Beta 1 our standards mode engine was much slower than our IE7 engine. Over the last few months we have been making improvements by leaps and bounds. By our upcoming Beta 2 we expect our standards mode engine to be at parity with our previous implementation for many sites. Going forward we will continue to invest in this area with the goal that when IE ships, developers do not have to make any difficult decisions: developing for our new engine will produce sites that work better across browsers and as an added bonus they will be faster too!

The combination of the performance improvements I’ve outlined above mean that many sites will be faster in IE8, allowing our users to be more productive than ever before. At the same time we have also eliminated numerous rough patches so that web developers can build great sites in less time.

Best yet, with IE8 Beta 2, developers can see further improvements to our developer tools that will make them more productive developing lighting fast sites.

New Developer Features

Beyond the various enhancements we’ve made to IE8 to make you more productive when browsing the web or creating new sites, we’ve also added support for several key new technologies that you can harness to make your websites faster. In the remainder of this post I will briefly discuss three of my favorite IE8 developer features.

Data URI

Are you tired of spending time writing code to use CSS spriting to minimize network overhead of using many small images on your site? If so, the first of my favorite features may be just for you. With IE8 we add support for RFC 2397’s Data URIs. Instead of using a URL to point to an image file (and incurring additional round trip costs to transfer that file to the browser), you can use Data URIs to encode the data directly.

For instance, here is a Data URI representing a 10x10 blue dot (base64 encoded):

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKAQMAAAC3/F3+AAAACXBIWXMAAA7DAAAOwwHHb6hkAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAAANQTFRFALfvPEv6TAAAAAtJREFUCB1jYMAHAAAeAAEBGNlaAAAAAElFTkSuQmCC

You should note, however, that Data URIs should be used sparingly because they incur some client processing overhead due to their base64 encoding and because they cannot be cached in the same as images retrieved over the network. Since Data URIs are embedded directly into a document, script, or stylesheet you should try to embed them within one such element that is in turn cacheable.

Selectors API

In addition to our support for Data URIs, IE8 also supports the Selector APIs querySelector and querySelectorAll to let you lookup selectors from JScript orders of magnitude faster than you would previously using implementations included in frameworks. In informal tests against our recent builds I’ve seen some tests improve from several seconds to mere milliseconds when comparing our native implementation against the alternatives offered by common frameworks. For more detail regarding our implementation of the selectors API please refer to our Selectors API whitepaper.

JSON

The last of my three favorite IE8 developer features is our support for JSON, announced in an earlier post on this blog.

Developers on AJAX websites often use JavaScript Object Notation (JSON) to pass data between components of their site. In previous versions of IE developers were often forced to use JSON insecurely by using JScript’s eval method to revive JSON strings back into JScript objects. More secure sites typically used a more secure JSON parser to sanitize their JSON objects—often at the price of significant performance penalties. In both cases user and developer productivity was severely compromised.

To make everyone’s life easier with IE8 Beta 2 our JScript engine implements the ECMAScript 3.1 JSON proposal’s JSON.stringify and JSON.parse methods, providing a speedy and secure solution to a common developer problem.

Other great features

Those are my three favorite features that developers can harness to build better sites in IE8. Of course, your favorites may vary because beyond those three features we have great collection of developer features that you can take advantage of to build faster sites.

Our support for DOM storage (10mb of local storage per site!), XDomainRequest (secure cross-domain communication without a server-side proxy), and Connectivity Events (script can now tell if a user is connected to the internet) are all very powerful features that developers can harness to build faster websites.

Moreover, I am confident that our investment in tools and features for developers ensures that building fast sites in IE8 will be an easier and more transparent process than in any previous version of our browser.

I hope that this article has helped you understand a little better how our performance work fits into the Internet Explorer team’s goal of making us all more productive. Although it is often tempting to obsess about particular performance benchmarking suites I have always found it valuable to take a step back and look at the bigger picture for a moment to put everything in perspective.

With that in mind, I do recognize that your expectations are pretty high. We have lots more performance work planned for IE8 and I encourage you to keep following our progress as we release our upcoming Beta.

Christian Stockwell
Program Manager & Performance Geek

As others have written here before, users should be in control of their information. That’s at the core of privacy. Privacy has two aspects: disclosure and choice. Disclosure means informing users in plain language about the data collected about them and how it’s used. Choice means putting users in control of their data and giving them tools to protect it.

Have you ever wanted to take your web browsing “off the record”? Perhaps you’re using someone else’s computer and you don’t want them to know which sites you visited. Maybe you need to buy a gift for a loved one without ruining the surprise. Maybe you’re at an Internet kiosk and don’t want the next person using it to know at which website you bank.

What if you want to delete your browsing history after the fact, but you don’t want to lose your preferences at websites that you use frequently?

When we began planning IE8, we took a hard look at our customers’ concerns about privacy on the web. As evidenced by some of the comments on this blog during the IE7 days, many users are concerned about so-called “over-the-shoulder privacy”, or the ability to control what their spouses, friends, kids, and co-workers might see.

What about your privacy as you browse the web? As Dean outlined is his post earlier today, there is so-called “3rd-party” content on websites, some of which can gather data about how you browse the web. How do you know what that is, or how to control it?

With respect to privacy, IE8 gives users more choice about controlling what information they keep and exchange. In the first part of this post I’ll describe two Internet Explorer 8 features that help you control your history, cookies, and other information that Internet Explorer stores on your behalf. In the latter part, I’ll describe two more features that can help you control how your browsing history is shared by websites. By default, IE8 browses the web the same way IE7 does.

• InPrivate™ Browsing lets you control whether or not IE saves your browsing history, cookies, and other data
  
• Delete Browsing History helps you control your browsing history after you’ve visited websites.
  
• InPrivate™ Blocking informs you about content that is in a position to observe your browsing history, and allows you to block it

• InPrivate Subscriptions allow you to augment the capability of InPrivate Blocking by subscribing to lists of websites to block or allow.

InPrivate Browsing

If you are using a shared PC, a borrowed laptop from a friend, or a public PC, sometimes you don’t want other people to know where you’ve been on the web. Internet Explorer 8’s InPrivate Browsing makes that “over the shoulder” privacy easy by not storing history, cookies, temporary Internet files, or other data.

Using InPrivate Browsing is as easy as launching a new InPrivate Browsing window. When you’re done, just close the window and IE will take care of the rest.

While InPrivate Browsing is active, the following takes place:

• New cookies are not stored
  • All new cookies become “session” cookies
  • Existing cookies can still be read
  • The new DOM storage feature behaves the same way
• New history entries will not be recorded
• New temporary Internet files will be deleted after the Private Browsing window is closed
• Form data is not stored
• Passwords are not stored
• Addresses typed into the address bar are not stored
• Queries entered into the search box are not stored
• Visited links will not be stored

Delete Browsing History

In Internet Explorer 7, we added a feature called Delete Browsing History that lets you delete in one click all of the information that IE saves. This is a necessary tool that is a standard feature in all modern web browsers. If there are things in your web browsing past that you want to erase, you can do that easily.

The problem is that usually you don’t want to delete everything! Cookies, in particular, are really useful for storing preferences on websites that you use frequently. Many sites have a “remember me” option, which stores a cookie on your PC and identifies your user account. Other sites, particularly financial websites, will store a cookie on each computer that you use to eliminate extra challenge questions (i.e. “What was your high school mascot?”).

IE8 solves this problem by adding an option that lets you keep cookies and temporary Internet files from websites saved in your Favorites list:

To avoid having your favorite sites “forget you”, simply add them to your Favorites, and make sure the “Preserve Favorites website data” checkbox is selected. IE will preserve any cookies or cache files that were created by websites in your favorites.

Oh – and by the way – we heard your feedback about checkboxes! Now Delete Browsing History will remember your preferences. We also added a “Delete Browsing History on Exit” feature if you really want to keep your history squeaky-clean! To do so, click Tools->Internet Options:

In his post earlier today, Dean outlined some of the privacy issues surrounding third-party content, which powers some of the rich experiences you get on the web today, such as interactive maps and social networking shortcuts (“add to Digg”).

Some third-party content is shared by multiple websites. If you happen to browse to sites that refer to the same third-party resource, i.e. a script, image, stylesheet, information is sent to that third-party. Over time, the third-party can create a profile of which websites you go to, what links you click on, etc. It’s hard to know exactly how your data will be used and with whom it will be shared without reading and understanding the privacy policy of each third-party site providing content to the website you visit,.

Consider this hypothetical example. You walk into a shopping mall. In the middle of the shopping mall, there is someone in front of a kiosk who asks you if he can record what stores you visit while you’re there as part of a survey. In order to do so, he writes down a description of what you look like – not your name – but what you’re wearing, your height, etc. In several of the stores throughout the mall, there are people who identify you based on this data, and record whether or not you visit a particular store. When the mall closes, the surveyors in the store report their tallies back to the kiosk. What the surveyor ends up with is a list of some of the stores you visit while you’re at the mall.

This is analogous to how some third-party content works on the web today. Again, without reading specific privacy policies, it’s hard to say in general what third-parties do with the data (or whether or not they record it at all).

The first difference between this mall example and the real world is that the mall survey is hypothetical. Again, different third-party sites do different things with the data they can collect, and the best way to understand what they actually do is reading their privacy policy. The other major difference between this example and the web is how explicitly users are presented with a choice about sharing their information. Clearly there are benefits to sharing your information, starting with richer experiences. Many web sites rely on third-parties to provide content and services like interactive maps and financial data, or analytics and advertising in order to operate effectively. These third-party services often collect information in order to do their jobs. There are also potential drawbacks, such as privacy risks (who has what information?) and increased exposure to malicious content. Put simply, the web relies on a trade, or value exchange, between users and sites. Information goes back and forth: in exchange for “free” services and content, users “pay” with information, not money. There is nothing wrong with such a trade, as long as users are informed and are in control of the choice.

InPrivate Blocking

InPrivate Blocking is a feature designed to help give you information about third-party content that has a line of sight into your web browsing, and gives you a choice about what information you share with these sites. As Dean mentioned in his post, it’s possible for sites to track users without cookies. The only way to ensure that your data is not disclosed is to block content and prevent communication to sites.

While you browse the web, your IE keeps a local record of which third-party items your browser accesses, and where they were accessed from. For example, if you visit http://www.contoso.com/index.html, which contains the following snippet:

<html>
<head> <title> Contoso.com Homepage </head>
…
<script src=http://www.woodgrove-int.com/tracking.js>
…
</html>

and then visit http://www.wingtiptoys.com/, which contains the same snippet:

<html>
<head> <title> Great deals at Wingtiptoys.com </head>
…
<script src=http://www.woodgrove-int.com/tracking.js>
…
</html>

Woodgrove-int.com is now in a position to know that you’ve been to both contoso.com and wingtiptoys.com.

InPrivate Blocking keeps a record of third-party items like the one above as you browse. When you choose to browse with InPrivate, IE automatically blocks sites that have “seen” you across more than ten sites.

You can also manually choose items to block or allow, or obtain information about the third-party content directly from the site by clicking the “More information from this website” link. Note that Internet Explorer will only record data for InPrivate Blocking when you are in “regular” browsing mode, as no browsing history is retained while browsing InPrivate. An easy way to think of it is that your normal browsing determines which items to block when you browse InPrivate.

InPrivate Subscriptions

Users can augment the capability of InPrivate Blocking with InPrivate Subscriptions. Some users want to protect their privacy, but don’t want to make granular decisions about content to block or allow. Users can delegate these decisions to publishers of InPrivate Subscriptions. Users can subscribe to a list the same way they add an Accelerator, Web Slice, or search provider to IE: by clicking a link on a web page and confirming that they want this functionality:

Under the covers, InPrivate Subscriptions are simply RSS feeds of Regular Expressions that specify sub-downloads to block or allow. Anyone can publish an InPrivate Subscription on their website, just as they can offer an Accelerator or Web Slice on their website. We’ll post details about the file format as part of the updated IE8 Developer’s Guide with Beta 2.

Conclusion

IE8 helps put you in control of your data, both on your PC and on the Web. IE8 Beta 2 is coming soon, and I encourage you to download it and give us feedback.

Andy Zeigler
Program Manager

P.S. Check out Dean and Andy talking about IE8 and Privacy on Channel 9.

Edit: Added a P.S.

Previous posts have covered trustworthy principles in general and some product specifics as well. Privacy is an important part of trustworthy computing. This post discusses one aspect of privacy on the web: third-party content.

When most people browse the web, they think what they see in the address bar and the site they are visiting are the same thing. However, web sites today typically incorporate content from many different web sites. For the sake of clear terminology, the site the user browses to directly (seen in the address bar) is the first-party site; the other sites that the first-party site incorporates in its site experience (but that the user hasn’t navigated to directly) are third-party sites.

When you browse to a first-party site, you know that it can collect information about how you use the site.  What many users don’t realize is that technically, third-party sites can collect information about users as well. Users aren’t typically well-informed about which third-party sites are collecting what information, how the sites use this information today, or how the sites could use the information in the future.

Identifying Third-party Sites

Most websites today are actually mosaics, or mash-ups, of several different sites. To see this, you can bring up the Privacy Report in Internet Explorer (from IE7’s Page menu or IE6’s View menu, choose the Web Page Privacy Policy menu item) for any site you visit. Here’s part of the report for a news site, and another from a credit card site:

While the address bar shows the address of the current, first-party, site, this dialog shows the addresses of all the different web sites (including third-party sites) that the current web page includes content from. The browser visits every one of these sites in order to show the current web page’s content. 

The way that sites can pull content in from other sites is useful and powerful and typical on the web today. It’s part of the underlying design and structure of the web, and enables functionality (like an interactive map in the middle of a restaurant’s website, or a “share this” link in the middle a news article) that people value.

Third-Party Sites and Privacy

At the same time, bringing information together from different websites has privacy implications. A good example of this issue that most people have experienced involves email. Many email systems treat email messages that come from unknown senders in a special way, blocking images in them and displaying a warning like this one:

The message body typically has some missing images (“red X’s”) with text nearby, like “Right-click here to download pictures. To help protect your privacy, Outlook prevented automatic download of this picture from the Internet.”

Why do email systems block these external images? The sender may have programmed some information in the external image that is ­unique to the recipient – for example, having the image’s file name or location include the recipient’s email address. When the sender sees that a particular image was downloaded, then the sender knows which email message arrived in a valid account and was opened. By not downloading the content, the email recipient prevents his email system from disclosing information and protects his privacy from the unknown sender. Potentially, the recipient protects himself from more unsolicited email.

In general, every piece of web content that a computer requests from a website discloses information to that website. This basic technique enables a third-party site to track visitors across different first-party websites that include content from the same third-party. When several websites show content (like a syndicated photo or article) from the same third-party website, that third-party site can determine which of the websites a particular visitor has browsed to.

For example, say two totally unrelated sites, Site1.com and Site2.com, both include images from MySyndicatedPhotos.com. The user browses to both Site1.com and Site2.com, and the user’s browser calls MySyndicatedPhotos.com in order to get the images these sites include. MySyndicatedPhotos.com can figure out (by various means) that the same machine visited these two different sites.

As the user visits additional sites that show content from this same third-party site, this third-party site is in position to build a profile of the user’s activity across the different sites that include its content.

While cookies can definitely contribute here, and there’s been long-standing concern and confusion about “tracking cookies,” the fact is that any content coming from a third-party site can function like a tracking cookie. The intent of the content (a photo, article, logo, or site-specific analytics; image, text, or script) is technologically irrelevant to its potential use as a tracking mechanism. Note that even if the user had blocked all cookies, other content on third-party websites could still be used to build a profile. Third-party content isn’t inherently good or bad; it’s just technically possible to use it this way.

Actually Happening or Just Technically Possible, and Other Questions

To be clear, this post is about what a website can do when several other websites use content from it. It’s not what all third-party sites actually do when other sites refer to content on them. What is actually done with the available information is up to the third-party site, and in some ways very hard for anyone else to figure out. The third-party site could have a clear, well-written, and prominently posted privacy policy that guides its operations. It might not. The site could have an employee who loses a laptop with the data collected, or has malware on his machine and discloses collected information against policy. The site could have business arrangements with other sites that involve pooling data.

Also, this blog post isn’t meant as a technical deep-dive on the techniques sites can use to track users, or the different counter-measures technically-savvy users might take to avoid being tracked. The common technical theme here (as described above in the email case and here) involves ways that first-party sites enable information that can uniquely identify site visitors to flow to third-party sites. For example, many of the web addresses you’ll find in the Web Page Privacy Policy dialog are often quite long and contain unique identifiers.  There are better discussions of this topic elsewhere. For example, a recent IRC discussion about developing new standards for rich websites covered aspects of this topic. While it’s quite long, some parts are very relevant, like this one (that people “are being tracked whether they send cookies or not”) and this one (“anyone who wants to track people across the web can trivially do so at this point, even without cookies…. you can pretty easily ‘fingerprint’ people through things like their user-agent string, ip address, screen size, other js- and http- accessible prefs, etc and then with a simple set of analysis scripts you can easily work out who is who just look at the ‘anonymised’ search query string data aol released”).

Web browsing isn’t anonymous or perfectly private even without third-party sites. For example, the provider of Internet access (to a person’s home, hotel room, café table, or desk at school or work) can observe where the computer goes on the Internet. These providers typically provide terms of use, so users have clear notice and can choose to accept or decline connectivity under the stated terms. Any software running on the user’s machine can determine the websites the machine has visited; this is the basis of features like History, or toolbars that copy a user’s browser history up to the web so users can get at it from different machines. Again, terms of use and privacy policies are important tools here for users. The websites a user visits can determine information about the user (for example, the user’s likely location). Also, users give the sites they visit information directly in terms of what they click on and choose to do.

Third-Party Sites and Trust Issues

Given that web browsing isn’t anonymous and in some ways this is “how things work” on the web, what exactly is the trust issue? For many people, trust begins with security. The security risk here is plain: visiting one website exposes the user to potentially malicious content from other websites. The user visits one site and sees content on it that seems trustworthy (it’s on the site!) but actually comes from a different source. Finding examples of this problem on the web isn’t hard; it’s happened to visitors of several top tier websites.

Trust includes privacy as well. The privacy concern involves users having a choice, and being able to exercise control about what information they share. Today, users are not in control of which websites can get information about their browsing activities. As a result, web sites that users aren’t aware that they’ve visited and don’t have a well-defined relationship with are in position to build a profile of the users’ browsing patterns.

A guiding principle for Internet Explorer (and Microsoft overall, as part of Trustworthy Computing) is that the user should be in control. Consumers have come to expect security protections from their browsers, and are starting to have higher expectations about privacy protections as well. Control here means that users have clear notice and can tell what sites they may be disclosing information to and under what terms. Control also means that users can exercise choice about what information they disclose to whom. Preventing information disclosure means blocking content; blocking content creates a possible impact to the appearance and functionality of the page.

Beyond these issues, accountability is a question here as well. When a user visits one site after another, and each one includes some third-party content, who is accountable and who takes responsibility for the information collected about the user? On today’s web, that’s not at all clear.

The privacy and trust issues around third-party content are complex and important. As discussed in this blog before, trustworthy browsing involves many industry challenges, and, like many other efforts (e.g. interoperability), requires cooperation and trade-offs. Web privacy involves more than just blocking cookies. Enabling users to be in control starts with making users aware of the issues. In another post, we’ll cover IE8 functionality that helps users stay in control of their information.

Dean Hachamovitch
General Manager

Hot on the heels of Wednesday's 9.52 release comes our first snapshot of 9.60.

Everyone here at on the Desktop Team has been working hard to add new features to your favorite browser, and here's what you can look forward to in 9.60:

Opera Link
Custom search engines and typed history* are now joining bookmarks, speed dials, personal bar, and notes in Opera Link.

Feed Preview
Now you can preview an RSS/Atom feed before subscribing.

Opera Mail: Low Bandwidth Mode
Low Bandwidth Mode is a setting on mail accounts that makes Opera Mail use as little bandwidth as possible. For IMAP, this means that Opera will only synchronise new messages and it will not fetch message attachments unless requested. For POP, Opera will not fetch more than the first 100 lines of a message unless requested.

Opera Mail: Follow/Ignore threads and contacts
Follow and Ignore are new features for users that receive a lot of messages. It makes it easier to dismiss unimportant messages and easier to recognise important messages.

Opera Mail: Go To Thread
You can now also "Go to thread" which means that you can view only the messages from that thread. Useful for those that uses flat view.

Enjoy! :)

* Typed history is only the history you explicitly type or select from the address bar

WARNING: These are development snapshots: they contain the latest changes, but they also have severe known issues, including crashes and data loss situations. In fact, they may not work at all.

Known issues