Internet Explorer 7 RC1
Posted on Friday, August 25 2006 @ 13:30 CEST by LSDsmurfChangelog:
- Offline Favorites--Offline Favorites and Scheduled Offline Favorites have been removed from Internet Explorer 7. Internet Explorer supports RSS feeds which provides scheduled updates to web content and offline reading of this content. For more information about RSS Feeds, read the RSS Blog.
- Scriptlets--Internet Explorer 7 disables Dynamic HTML (DHTML) scriptlets by default. (Scriptlets were deprecated in Internet Explorer 5). They can be re-enabled by system administrators by changing URLActions with the Internet Control Panel (INetCPl.) The INetCPL text should read "Allow Scriptlets." If your programs rely on scriptlets, we recommend that you use DHTML behaviors, which are more efficient. Disabling scriptlets is part of our continued work to ensure that unsupported technology is deemphasized in Internet Explorer.
- ActiveX controls--The new Internet Explorer 7 ActiveX Opt-In feature disables ActiveX controls on a user's machine. When the user encounters a webpage with a disabled ActiveX control, they see an Information bar to enable the control. Controls which were used in Internet Explorer 6 before upgrading to Internet Explorer 7, along with some pre-approved controls, are not disabled.
- Channel Definition Format (CDF)--All CDF support was removed from Internet Explorer 7 and replaced with the RSS feed reading experience. Feeds that the user is subscribed to are available to other applications through the RSS Platform. For details, read the RSS Platform.
- DirectAnimation--All DLLs to support the Internet Explorer DirectAnimation component were removed in Internet Explorer 7 RC1.
- XBM--Support for XBM, an imaging format designed for X-based systems, was deleted.
- SSL--Support for weak SSL ciphers was removed from Windows Vista and support for SSLv2 was disabled for Internet Explorer 7 on all platforms.
- Windowed Select--The Windowed Select Element was replaced by Windowless Select in Internet Explorer 7. This results in some cosmetic changes.
- BASE Element--Internet Explorer 7 strictly enforces the BASE element rule, as documented in the HTML 4.01 standard. We no longer allow BASE tags outside of the HEAD of the document. The standard specifies that the base element must appear within the head of the document, before any elements that refer to an external source.
- window.opener and window.close--Internet Explorer 7 no longer allows the window.opener trick to bypass the window.close prompt. Browser windows cannot close themselves unless the windows were created in script. This security enhancement no longer allows browsing to a random site when the main browser window closes unexpectedly.
- Changes that affect modal or modeless dialogs created from script--Modal or modeless dialogs created from script in Internet Explorer 7 might seem to be slightly bigger than their Internet Explorer 6 counterparts. This is caused by a change to the behavior of the dialogWidth and dialogHeight properties, which now set and retrieve dimensions of the content area of a dialog (from Internet Explorer 7 and onward). It will no longer be necessary to calculate the area lost by components of a dialog’s frame.
- Generic Spoofing Risk Reduction in Internet Explorer 7--The window.prompt script method is blocked and the gold Information bar is displayed by default in Internet Zone for Internet Explorer 7. This is a new security enhancement for Internet Explorer 7.
- WWW-Auth--Internet Explorer 7 changes the precedence rules for WWW-Auth. Previous releases of Internet Explorer used the first header encountered. Internet Explorer 7 uses the first header except when the header is Basic. Internet Explorer 7 uses Basic authentication if no other authentication mechanism is present.
- HTTPOnly Cookies--HTTPOnly cookies can no longer be overwritten from scripts. _SEARCH--The _SEARCH sidebar is disabled by default in Internet Explorer 7 RC1. It is now a setting in the advanced InetCPL and can be turned on, using a URLAction.
- View Source--The view-source protocol no longer works in Internet Explorer 7 RC1.
- Gopher Protocol--Support for the Gopher protocol was removed at the WinINET level. (Gopher support was turned off by default in Internet Explorer 6.) window.external.ImportExportFavorites--window.external.ImportExportFavorites has been removed in Internet Explorer 7 Beta.
- Telnet--The Telnet protocol handler is no longer supported in Internet Explorer.
- SysImage URL Scheme--The SysImage URL Scheme has been removed from Internet Explorer.
- Status Bar Scripting--Script will no longer be able to set the status bar text through the window.status and window.defaultStatus methods by default in the Internet and Restricted Zones. This small step helps prevent attackers from leveraging those methods to spoof the status bar. To revert to previous behavior and allow Script to set the status bar through window.status and window.defaultStatus, follow these steps: Open Internet Explorer, click the Tools button, click Internet Options, and then click the Security tab. Click Internet or Restricted sites, and then click the Custom level button. Scroll down to Allow status bar updates via script, select Enable, and then click OK until you return to Internet Explorer.
- Security Settings for Script Access to the Clipboard--New security-related updates for Microsoft Internet Explorer 7 include a change in the default security settings for Script Access to the clipboard. Sites using scripts to access the clipboard in the Internet and Trusted sites zones will receive a prompt that will inform the user that their clipboard is being accessed by script. The prompt will require user permission to continue. This is designed to prevent the possibility of information disclosure through script access to the clipboard.
- Installing Internet Explorer 7 RC1 with Windows 2003 SP1--The homepage will be reset to the secure page (res://shdoclc.dll/softAdmin.htm).
|
Program Information Category: Internet and communication Type: Free Version: 7 RC1 Size: 14.5MB Works on: Windows Product page: here |
Loading Comments