Appendix 1: Internet Explorer 6 to Internet Explorer 8 browser changes
The following table describes changes between Microsoft Internet Explorer 6 and Windows Internet Explorer 8.
Design changes from Internet Explorer 6 to Internet Explorer 7
Design changes from Internet Explorer 7 to Internet Explorer 8
Internet Explorer versioning
Check for code that incorrectly special-cases Internet Explorer 6, Windows Internet Explorer 7, or Internet Explorer 8 through user-agent string sniffing, version vectors, or conditional comments.
- When a long User Agent (UA) String encounters a server that accepts only shorter UA Strings, users see an error page.
- The Compatibility View in Internet Explorer 8, which is turned on by default for intranet sites, sends an Internet Explorer 7 user agent string. To differentiate between Internet Explorer 7 and Compatibility View, look for the new Trident token.
Standards compliance updates
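Added example, not part of the original table: a JavaScript classifier for user-agent strings taken from access logs, which uses the Trident token to tell a real Internet Explorer 7 from Internet Explorer 8 in Compatibility View. The sample strings are constructed, the function names are hypothetical, and the rule "Trident major version + 4 = browser version" generalizes beyond the Trident/4.0 (Internet Explorer 8) case this page covers.

```javascript
// Constructed sample user-agent strings (not taken from real logs).
const SAMPLE_UAS = [
  "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)",
  "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)",
  "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)",
  "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
  "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0",
];

// Returns the version the browser claims (MSIE token) and the version it
// actually is (Trident token). Internet Explorer 7 and earlier send no
// Trident token, so the MSIE token is taken at face value for them.
function classifyIE(ua) {
  const msie = /\bMSIE (\d+)\.\d+/.exec(ua);
  if (!msie) {
    return { browser: "other", reported: null, actual: null, compatView: false };
  }
  const reported = Number(msie[1]);
  const trident = /\bTrident\/(\d+)\.\d+/.exec(ua);
  // Trident/4.0 is the Internet Explorer 8 engine, hence the +4 offset.
  const actual = trident ? Number(trident[1]) + 4 : reported;
  // Compatibility View: the engine is newer than the version it reports.
  return { browser: "ie", reported, actual, compatView: actual > reported };
}

// Counts clients by their real version, so Compatibility View traffic is
// not mistaken for an unpatched Internet Explorer 7 population.
function tally(uas) {
  const counts = {};
  for (const ua of uas) {
    const c = classifyIE(ua);
    const key = c.browser === "ie"
      ? `IE${c.actual}${c.compatView ? " (Compatibility View)" : ""}`
      : "other";
    counts[key] = (counts[key] || 0) + 1;
  }
  return counts;
}

console.log(tally(SAMPLE_UAS));
```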
- Applies to specified document modes.
- Internet Explorer 8 Compatibility View mode, which is on by default for intranet sites, typically reverts standards updates from Internet Explorer 7 to Internet Explorer 8.
- Use the EmulateIE7 X-UA-Compatible HTTP header or meta element to enable Compatibility View on websites or specific webpages.
Quirks mode exception: You do not need to make standards compliance changes for webpages that specify the quirks mode DOCTYPE (by setting the “standards-compliance” DOCTYPE switch to “off”).
Applies to Internet Explorer 7 Standards or “Strict” mode and above:
- XML prologs in the first line of the source code no longer cause DOCTYPE declarations to fail.
- Box model overflow content intersects box and no longer automatically grows the box div to fit the content.
- Certain CSS filters (for example, *HTML, _underscore, and /**/ comment) are not supported.
- Only the outermost OBJECT element in nested objects is instantiated.
- Applications that rely on the SELECT element to get an HWND to use with Microsoft Win32 APIs might break because the SELECT element is now a windowless control.
- Channel Definition Format (CDF) is not supported, in favor of RSS feeds.
- XBM, an imaging format that is designed for X-based systems, is not supported.
- BASE tags outside of the HEAD of the document are not allowed.
Applies to Internet Explorer 8 Standards mode and above:
- Unclosed P elements are automatically closed when they are followed by TABLE, FORM, NOFRAMES, or NOSCRIPT elements.
- Malformed HTML is not supported, in favor of well-formed, valid markup.
- The "className" attribute syntax is not supported, in favor of “class” syntax.
- The attributes collection does not contain all possible attributes that Windows Internet Explorer recognizes.
- Attribute ordering has changed, affecting attributes collection, innerHTML, and outerHTML.
- getElementById is case-sensitive and does not search name attributes.
- Generic CSS prefix selectors (that is, v\:* syntax) are not supported, in favor of explicit tag names.
- CSS expressions are not supported, in favor of improved CSS support or DHTML logic.
- Code that is intended for custom JSON object methods might conflict with the new native JSON object in Internet Explorer 8.
- Unset initial properties on the currentStyle object return their initial value.
- Unspecified property values on the currentStyle object style object return an empty string (for example, see the ASP.NET Menu and IE8 rendering white issue blog post).
- For sites and applications where accessibility is a concern, update ARIA syntax across all Internet Explorer rendering modes.
- Check the complete list of CSS updates from Internet Explorer 6 to Internet Explorer 8.
Security improvements
- Apply regardless of document mode.
- You can turn off security features by using Group Policy.
- The window.opener bypass to the window.close prompt is not allowed.
- Object caching protection is enabled by default, which blocks access to references of objects when users browse to a new domain (applies to Internet Explorer 6 and later versions on Windows XP with Service Pack 2 (SP2) and later versions).
- DHTML scriptlets are disabled by default.
- Scripts that write to the status bar are blocked.
- URL creation might fail if URLs do not meet RFC guidelines.
- HTTPS pages display an error page if the site is configured to SSLv2 only, or if the site security certificate is outdated or invalid, has errors, or has weak ciphers.
- Only "Punycode" encoded internationalized domain names are supported. Other formats like ANSI and UTF-8 are blocked.
- Cross-domain script URLs, redirected navigation in DOM objects, and frame navigations are blocked.
- Modal or modeless dialog boxes that are created from script might seem slightly bigger.
- Unsecure protocols view-source, Gopher (at the WinINET level), and Telnet do not work.
- XSS filter is on by default, which blocks script patterns that most frequently resemble Type-1 XSS attacks, unless you disable it through an X-XSS-Protection HTTP header.
- Cross-domain, cross-document communication hacks like SCRIPT SRC are not supported, in favor of safer XDM and XDR AJAX features.
- AJAX-enabled sites that manually manipulate the hash of the URL might be broken by the new window.location.hash navigation property.
- New AJAX features like XDM have native properties that might conflict with existing custom properties.
- File upload control submits only the file path, not the full path, to the server.
- HTML code or script that is delivered with an "image/*" MIME type is blocked from executing.
- Navigating a top-level frame to a site in a different security context opens a new window or tab instead of navigating within the existing frame.
- UTF-7 encoded script is forced into Windows-1252 encoding, which might cause plain text rendering.
- HTTP/HTTPS "mixed mode" pages display a dialog box that defaults to displaying secure items only (versus the previous nonsecure default). Users might mistakenly choose to block HTTP elements, like key images.
- DEP/NX is on by default, which blocks certain add-ons (that is, ActiveX controls and COM objects) that are built by using older versions of ATL from running code that is marked "non-executable" in memory.
- Content that is returned by a web proxy is blocked if an SSL tunnel is not established in response to a CONNECT request to the original server.
Architectural changes
- Apply regardless of document or compatibility mode.
- Protected Mode is enabled by default for Internet, Intranet, and Restricted Sites zones. This mode blocks browser extensions that could pose a security risk from running, and blocks lower-privilege applications from accessing higher-privilege processes, like the Start menu, Control Panel, and the Microsoft Windows registry (applies to Internet Explorer 7 and later versions on Windows Vista and later versions).
- Protected Mode Update: Intranet runs in medium (instead of low) integrity level by default.
- Loosely Coupled Internet Explorer might block add-ons (that is, ActiveX controls and COM objects) that do one of the following:
  - Use windows hierarchy techniques to locate UI frame and tab windows (which now run in separate processes at different integrity levels).
  - Create a subclass of the UI frame (now at medium integrity level) from a low-integrity tab process.
  - Use unsupported messaging techniques between UI frame and tabs.