Internet Explorer 8 includes a filter that helps protect against
type-1 (or “reflected”) XSS attacks, the most common form of XSS. It
uses heuristics to detect such attacks and sanitizes the injected scripts.
Before running this demo, turn off the XSS Filter
(Tools -> Internet Options -> Security -> Custom Level -> Scroll To The Bottom of
the List -> Click Disable XSS Filter).
Click here, click "Log In
To Your Account", then click the Account Login page
and start typing in the
username and password boxes. You will see an example of a hacker using an XSS reflection
attack to capture the username and password.
Now switch the XSS filter back on and go through the
Try downloading software from this
site; the link leads to a malware download.
This site has been flagged
as distributing malware.
When a user visits a site like
this one, the new SmartScreen Filter prompts the user to make sure it is the site
they expected to visit.
To help protect users against known Phishing Websites,
this one is blocked and users
are presented with a warning about proceeding.
In Internet Explorer 8, the browser’s frame and tabs run as separate, isolated processes—an
approach called Loosely-Coupled Internet Explorer (LCIE). In this way, if a Web
site or add-on causes a tab to crash or hang, only that tab is affected. The browser
itself remains stable and other tabs remain unaffected, thereby minimizing
any disruption or inconvenience for the user.
site, install the ActiveX control for this site only and
click on any of the images. You
will see the tab crash and reload automatically, demonstrating tab isolation and
Web standards have emerged to help address this problem. If developers
code to these standards, which are designed to help ensure that all browsers interpret
and display Web page code in the same way, then developers won’t need to make tradeoffs
between efficiency, productivity, and the user experience. Instead, they can focus
on delivering great experiences that work as intended in any browser.
The Contoso Traveler site
has been designed to demonstrate CSS interoperability at work.
However, the Contoso
Traveler Tips page was coded specifically for Internet Explorer 7.
It does not render well in other browsers, including IE8 when it is operating in
By using the “Compatibility View”
feature in Internet Explorer 8, that site can be rendered correctly.
However, in the past, this approach caused problems because browser components such
as the address bar and the Forward/Back buttons only updated after the Web page was
refreshed, and had no way of tracking what was happening within the page. As a result,
AJAX content updates were not saved as navigations, browser components were not
updated, and end users were left confused as to why browser features were stuck on
older content. Some Web sites work around this limitation by navigating a hidden
IFRAME while updating content using AJAX, which can decrease performance.
AJAX Navigation in Internet Explorer 8 enables developers to record
activity in AJAX applications as navigations within the browser, helping them ensure
that the address bar and Forward/Back buttons work as the user would expect. In Internet
Explorer 8 Standards Mode, the browser treats changes to window.location.hash as
navigations, saving the previous document URL. As a result, the address bar, Forward/Back
buttons, and other browser components are updated with the new URL (which differs from
the previous one only in its hash fragment); a “click” sound plays, just as it does for
traditional navigation; and a new hashchange event fires. The onhashchange
event can be handled like any other window event, and Internet Explorer 8 will save
the hash URL fragment before navigating away from the page.
Visit this site
and use the map controls at the top of the page. Zoom in on the map, then use
the browser Back button to navigate in reverse. You will see that the new IE8
AJAX Navigation feature allows the browser to behave as the user would expect,
taking them back
one zoom level rather than back to a previous page.
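The map demo above relies on the page storing its zoom state in the hash fragment. The following is an added example, not code from the demo site, of how such a page can do that: it assumes a hypothetical map widget (`map.setView`) and a zoom button with the id `zoomIn`, and it validates every value read back from the fragment so that untrusted URL text is never written into the page.

```javascript
// Added example (not the demo site's code): keep an AJAX map's zoom state in the
// URL fragment so IE8's AJAX Navigation records each zoom as a navigation and
// Back/Forward restore it via onhashchange. The map object and button id are hypothetical.
// Parse a fragment such as "#zoom=5&lat=47.6&lng=-122.3" into a state object.
// Every value is checked as a bounded number, so untrusted fragment text is
// never written into the page as markup or script.
function parseHash(hash) {
  var state = { zoom: 1, lat: 0, lng: 0 };
  if (typeof hash !== 'string' || hash.charAt(0) !== '#') return state;
  var pairs = hash.substring(1).split('&');
  for (var i = 0; i < pairs.length; i++) {
    var kv = pairs[i].split('=');
    if (kv.length !== 2) continue;
    var val;
    try { val = Number(decodeURIComponent(kv[1])); } catch (e) { continue; }
    if (!isFinite(val)) continue;
    if (kv[0] === 'zoom' && val >= 1 && val <= 20) state.zoom = Math.floor(val);
    else if (kv[0] === 'lat' && val >= -90 && val <= 90) state.lat = val;
    else if (kv[0] === 'lng' && val >= -180 && val <= 180) state.lng = val;
  }
  return state;
}
// Serialize state back into a fragment; this is what the browser keeps
// in each history entry.
function buildHash(state) {
  return '#zoom=' + state.zoom + '&lat=' + state.lat + '&lng=' + state.lng;
}
// Return the fragment one zoom level in from the given one (clamped to 20).
function zoomInHash(hash) {
  var s = parseHash(hash);
  s.zoom = Math.min(20, s.zoom + 1);
  return buildHash(s);
}
// Browser wiring, skipped when there is no window (e.g. under Node).
if (typeof window !== 'undefined') {
  var map = { setView: function (lat, lng, zoom) { /* hypothetical map API */ } };
  var render = function () {
    var s = parseHash(window.location.hash);
    map.setView(s.lat, s.lng, s.zoom);
  };
  // The zoom control changes only the hash; IE8 treats this as a navigation.
  document.getElementById('zoomIn').onclick = function () {
    window.location.hash = zoomInHash(window.location.hash);
  };
  // Back/Forward fire hashchange; re-render from the restored fragment.
  window.onhashchange = render;
  render();
}
```

Because the zoom control never calls `setView` directly but only changes the hash, both a button click and a Back/Forward navigation reach the map through the same `onhashchange` path.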
The Search Box in Internet Explorer 8 looks similar, but it is more helpful. As users
type a search term, they see real-time search suggestions from their chosen
search provider, recommending common searches related to the text typed so far.
Users can click a suggestion at any time to execute the search immediately without
having to type the entire word or phrase. Not only does this save time, it also increases
the odds that the search results will be relevant.
Click here to install the Live Search enhanced instant search provider.
Once installed, simply
enter a query in the Search Box to see the instant results.
In addition to Live Search, you can install the
New York Times and
Yahoo! enhanced instant search providers
to see results from other websites.