Sunday, August 27, 2006

Internet Explorer 7 RC1

The developers of the IE7-team has brought out the first release candidate of this software. IE7 RC1 is featurecomplete, which means there will not be any changes anymore, only bug fixes.

Changes in IE7 RC1:
  • Offline Favorites--Offline Favorites and Scheduled Offline Favorites have
    been removed from Internet Explorer 7. Internet Explorer supports RSS feeds
    which provides scheduled updates to web content and offline reading of this
    content. For more information about RSS Feeds, read the RSS Blog.
  • Scriptlets--Internet Explorer 7 disables Dynamic HTML (DHTML) scriptlets
    by default. (Scriptlets were deprecated in Internet Explorer 5). They can be
    re-enabled by system administrators by changing URLActions with the Internet
    Control Panel (INetCPl.) The INetCPL text should read "Allow
    Scriptlets." If your programs rely on scriptlets, we recommend that you
    use DHTML behaviors, which are more efficient. Disabling scriptlets is part
    of our continued work to ensure that unsupported technology is deemphasized
    in Internet Explorer.
  • ActiveX controls--The new Internet Explorer 7 ActiveX Opt-In feature
    disables ActiveX controls on a user's machine. When the user encounters a
    webpage with a disabled ActiveX control, they see an Information bar to
    enable the control. Controls which were used in Internet Explorer 6 before
    upgrading to Internet Explorer 7, along with some pre-approved controls, are
    not disabled.
  • Channel Definition Format (CDF)--All CDF support was removed from Internet
    Explorer 7 and replaced with the RSS feed reading experience. Feeds that the
    user is subscribed to are available to other applications through the RSS
    Platform. For details, read the RSS Platform.
  • DirectAnimation--All DLLs to support the Internet Explorer DirectAnimation
    component were removed in Internet Explorer 7 RC1.
  • XBM--Support for XBM, an imaging format designed for X-based systems, was
  • SSL--Support for weak SSL ciphers was removed from Windows Vista and
    support for SSLv2 was disabled for Internet Explorer 7 on all platforms.
  • Windowed Select--The Windowed Select Element was replaced by Windowless
    Select in Internet Explorer 7. This results in some cosmetic changes.
  • BASE Element--Internet Explorer 7 strictly enforces the BASE element rule,
    as documented in the HTML 4.01 standard. We no longer allow BASE tags
    outside of the HEAD of the document. The standard specifies that the base
    element must appear within the head of the document, before any elements
    that refer to an external source.
  • window.opener and window.close--Internet Explorer 7 no longer allows the
    window.opener trick to bypass the window.close prompt. Browser windows
    cannot close themselves unless the windows were created in script. This
    security enhancement no longer allows browsing to a random site when the
    main browser window closes unexpectedly.
  • Changes that affect modal or modeless dialogs created from script--Modal
    or modeless dialogs created from script in Internet Explorer 7 might seem to
    be slightly bigger than their Internet Explorer 6 counterparts. This is
    caused by a change to the behavior of the dialogWidth and dialogHeight
    properties, which now set and retrieve dimensions of the content area of a
    dialog (from Internet Explorer 7 and onward). It will no longer be necessary
    to calculate the area lost by components of a dialog’s frame.
  • Generic Spoofing Risk Reduction in Internet Explorer 7--The window.prompt
    script method is blocked and the gold Information bar is displayed by
    default in Internet Zone for Internet Explorer 7. This is a new security
    enhancement for Internet Explorer 7.
  • WWW-Auth--Internet Explorer 7 changes the precedence rules for WWW-Auth.
    Previous releases of Internet Explorer used the first header encountered.
    Internet Explorer 7 uses the first header except when the header is Basic.
    Internet Explorer 7 uses Basic authentication if no other authentication
    mechanism is present.
  • HTTPOnly Cookies--HTTPOnly cookies can no longer be overwritten from
    scripts. _SEARCH--The _SEARCH sidebar is disabled by default in Internet
    Explorer 7 RC1. It is now a setting in the advanced InetCPL and can be
    turned on, using a URLAction.
  • View Source--The view-source protocol no longer works in Internet Explorer
    7 RC1.
  • Gopher Protocol--Support for the Gopher protocol was removed at the
    WinINET level. (Gopher support was turned off by default in Internet
    Explorer 6.)
    has been removed in Internet Explorer 7 Beta.
  • Telnet--The Telnet protocol handler is no longer supported in Internet
  • SysImage URL Scheme--The SysImage URL Scheme has been removed from
    Internet Explorer.
  • Status Bar Scripting--Script will no longer be able to set the status bar
    text through the window.status and window.defaultStatus methods by default
    in the Internet and Restricted Zones. This small step helps prevent
    attackers from leveraging those methods to spoof the status bar. To revert
    to previous behavior and allow Script to set the status bar through
    window.status and window.defaultStatus, follow these steps: Open Internet
    Explorer, click the Tools button, click Internet Options, and then click the
    Security tab. Click Internet or Restricted sites, and then click the Custom
    level button. Scroll down to Allow status bar updates via script, select
    Enable, and then click OK until you return to Internet Explorer.
  • Security Settings for Script Access to the Clipboard--New security-related
    updates for Microsoft Internet Explorer 7 include a change in the default
    security settings for Script Access to the clipboard. Sites using scripts to
    access the clipboard in the Internet and Trusted sites zones will receive a
    prompt that will inform the user that their clipboard is being accessed by
    script. The prompt will require user permission to continue. This is
    designed to prevent the possibility of information disclosure through script
    access to the clipboard.
  • Installing Internet Explorer 7 RC1 with Windows 2003 SP1--The homepage
    will be reset to the secure page (res://shdoclc.dll/softAdmin.htm).



Post a Comment

<< Home