Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The following table describes changes between Microsoft Internet Explorer 6 and Windows Internet Explorer 8.
Design changes from Internet Explorer 6 to Internet Explorer 7
Design changes from Internet Explorer 7 to Internet Explorer 8
${ROWSPAN2}$Internet Explorer versioning${REMOVE}$
Check for code that incorrectly special cases around Internet Explorer 6, Windows Internet Explorer 7, or Internet Explorer 8 through user-agent string sniffing, versions vectors, or conditional comments.
- When a long User Agent (UA) String encounters a server that accepts only shorter UA Strings, users see an error page.
- The Compatibility View in Internet Explorer 8, which is turned on by default for intranet sites, sends an Internet Explorer 7 user agent string. To differentiate between Internet Explorer 7 and Compatibility View, look for the new Trident token.
${ROWSPAN3}$ Standards compliance updates
- Applies to specified document modes.
- Internet Explorer 8 Compatibility View mode, which is on by default for intranet sites, typically reverts standards updates from Internet Explorer 7 to Internet Explorer 8.
- Use the EmulateIE7 X-UA-Compatible HTTP header or meta element to enable Compatibility View on websites or specific webpages.
${REMOVE}$
Quirks mode exception: You do not need to make standards compliance changes for webpages that specify the quirks mode DOCTYPE (by setting the “standards-compliance” DOCTYPE switch to “off”).
Applies to Internet Explorer 7 Standards or “Strict” mode and above:
- XML prologs in the first line of the source code no longer cause DOCTYPE declarations to fail.
- Box model overflow content intersects box and no longer automatically -grows the box div to fit the content.
- Certain CSS filters (for example, *HTML, _underscore, and /**/ comment) are not supported.
- Only the outermost OBJECT element in nested objects is instantiated .
- Applications that rely on the SELECT element to get an HWND to use with Microsoft Win32 APIs might break because the SELECT element is now a windowless control.
- Channel Definition Format (CDF) is not supported, in favor of RSS feeds.
- XBM, an imaging format that is designed for X-based systems, is not supported.
- BASE tags outside of the HEAD document are not allowed.
Applies to Internet Explorer 8 Standards mode and above:
- Unclosed P elements are automatically closed when they are followed by TABLE, FORM, NOFRAMES, or NOSCRIPT elements.
- Malformed HTML is not supported, in favor of well-formed, valid markup.
- The "className" attribute syntax is not supported, in favor of “class” syntax.
- The attributes collection does not contain all possible attributes that Windows Internet Explorer recognizes.
- Attribute ordering has changed, affecting attributes collection, innerHTML, and outerHTML.
- GetElementById is case-sensitive and does not search name attributes.
- Generic CSS prefix selectors (that is, v\:* syntax) are not supported, in favor of explicit tag names.
- CSS expressions are not supported, in favor of improved CSS support or DHTML logic.
- Code that is intended for custom JSON object methods might conflict with the new native JSON object in Internet Explorer 8.
- Unset initial properties on the currentStyle object return their initial value.
- Unspecified properties values on the currentStyle object style object return an empty string (for example, see the ASP.NET Menu and IE8 rendering white issue blog post).
- For sites and applications where accessibility is a concern, update ARIA syntax across all Internet Explorer rendering modes.
- Check the complete list of CSS updates from Internet Explorer 6 to Internet Explorer 8.
Security improvements
- Apply regardless of document mode.
- You can turn off security features by using Group Policy.
- The window.opener bypass to the window.close prompt is not allowed.
- Object caching protection is enabled by default, which blocks access to references of objects when users browse to a new domain (applies to Internet Explorer 6 and later versions on Windows XP with Service Pack 2 (SP2) and later versions).
- DHTML scriptlets are disabled by default.
- Scripts that write to the status bar are blocked.
- URL creation might fail if URLs do not meet RFC guidelines.
- HTTPS pages display an error page if the site is configured to SSLv2 only, or if the site security certificate is outdated or invalid, has errors, or has weak ciphers.
- Only "Punycode" encoded internationalized domain names are supported. Other formats like ANSI and UTF-8 are blocked.
- Cross-domain script URLs, redirected navigation in DOM objects, and frame navigations are blocked.
- Modal or modeless dialog boxes that are created from script might seem slightly bigger.
- Unsecure protocols view-source, Gopher (at the WinINET level), and Telnet do not work.
- XSS filter is on by default, which blocks script patterns that most frequently resemble Type-1 XSS attacks, unless you disable them through a X-XSS-Protection HTTP header.
- Cross-domain, cross-document communication hacks like SCRIPT SRC are not supported, in favor of safer XDM and XDR AJAX features.
- AJAX-enabled sites that manually manipulate the hash of the URL might be broken by the new window.location.hash navigation property.
- New AJAX features like XDM have native properties that might conflict with existing custom properties.
- File upload control submits only the file path, not the full path, to the server.
- HTML code or script that is delivered with an "image/*" MIME type is blocked from executing.
- Navigating a top-level frame to a site in a different security context opens a new window or tab instead of navigating within the existing frame.
- UTF-7 encoded script is forced into Windows-1252 encoding, which might cause plain text rendering.
- HTTP/HTTPS "mixed mode" pages display a dialog box that defaults to displaying secure items only (versus the previous nonsecure default). Users might mistakenly choose to block HTTP elements, like key images.
- DEP/NX is on by default, which blocks certain add-ons (that is, ActiveX controls and COM objects) that are built by using older versions of ATL from running code that is marked "non-executable" in memory.
- Content that is returned by a web proxy is blocked if an SSL tunnel is not established in response to a CONNECT request to the original server.
Architectural changes
- Apply regardless of document or compatibility mode.
- Protected Mode is enabled by default for Internet, Intranet, and Restricted Sites zones. This mode blocks browser extensions that could pose a security risk from running and lower privilege applications from accessing higher privilege processes, like the Start menu, Control Panel, and the Microsoft Windows registry (applies to Internet Explorer 7 and later versions on Windows Vista and later versions).
- Protected Mode Update: Intranet runs in medium (instead of low) integrity level by default.
- Loosely Coupled Internet Explorer might block add-ons (that is, ActiveX controls and COM objects) that do one of the following:
- Use windows hierarchy techniques to locate UI frame and tab windows (which now run in separate processes at different integrity levels).
- Create a subclass of the UI frame (now at medium integrity level) from a low-integrity tab process.
- Use unsupported messaging techniques between UI frame and tabs.
Related topics