Wednesday, 26 September 2012

IE7 is already in the History Books

Many modern websites (e.g. force.com) have no support for IE7. IE8 is built from the ground up. It passes the Acid2 browser test (documented on the Web Standards Project website), IE7 fails. This shows IE7 has poor web standards compliance! Acid2 tests support for so-called "data URLs" (RFC 2397).

IE8 also introduces some web security-oriented features. Some of these are MS-specific (e.g. restrictions on ActiveX controls) whilst others are more wide-ranging (e.g. relating to cross-site scripting (XSS)).

To understand web security, a good resource is OWASP (Open Web Application Security Project) whose mission is to "make software security visible".

No comments: