Welcome To The Internet Explorer 8 Demo Site

Cross Site Scripting (XSS) attacks are emerging as a leading exploit against Web servers, surpassing buffer overflows as the most common exploit vector on the Web. They exploit vulnerabilities in Web applications to steal cookies or other data, deface pages, steal credentials, or launch more exotic attacks.

Internet Explorer 8 includes a filter that helps protect against the type-1 (or “reflection”) XSS attacks, the most common form of XSS attack. It uses heuristics to detect such attacks and sanitizes injected scripts.

Before running this demo, turn off the XSS Filter
(Tools -> Internet Options -> Security -> Custom Level -> Scroll To The Bottom of the List -> Click Disable XSS Filter).

Click here, click "Log In To Your Account" then click the Account Login page and start typing in the
username and password boxes. You will see an example of a hacker using a XSS Reflection
attack to capture the username and password.

Now switch the XSS filter back on and go through the process again.

Internet Explorer 7 introduced an anti-phishing filter that helped protect users from fraudulent Web sites that try to trick people into revealing private data. The SmartScreen Filter in Internet Explorer 8 increases anti-phishing protection through more a more granular and detailed examination of the entire URL string, and it complements that enhanced anti-phishing protection with a new anti-malware capability that warns users when they browse to sites known to distribute malicious software. Users can choose to enable or disable the SmartScreen filter at first run or at any subsequent time, and can also choose to help improve the Web for everyone by reporting suspected malicious sites through the same tool.

Try downloading software from this site, it is linking to a malware download.

This site has been flagged as distributing malware.

When a user visits a site like this one, the new SmartScreen Filter prompts the user to make sure the site they expected to visit.

To help protect users against known Phishing Websites, this one is blocked and users
are presented with a warning about proceeding.

Internet Explorer 8 is the most stable version – ever. While this reduces the likelihood that users will experience a crash, the Web still has many poorly-behaved Web sites and unstable add-ons. In Internet Explorer 7, if one tab crashed, it could potentially crash or hang the entire browser—including other tabs the user may have had open.

In Internet Explorer 8, the browser’s frame and tabs run as separate, isolated processes—an approach called Loosely-Coupled Internet Explorer (LCIE). In this way, if a Web site or add-on causes a tab to crash or hang, only that tab is affected. The browser itself remains stable and other tabs remain unaffected, thereby minimizing
any disruption or inconvenience for the user.

Visit this site, install the ActiveX control for this site only and click on any of the images. You
will see the tab crash and reload automatically demonstrating tab isolation and crash recovery.

When different Web browsers interpret Web page code in different ways, the same Web site can look great in one browser and broken in another. For Web sites to work well with all browsers, developers must either include code that is unique for each browser – requiring a lot of extra work – or only use code that behaves consistently across all major browsers, which limits the user experience. The greater the differences between browsers, the more work developers must do or the greater the limitations they must accept.

Web standards have emerged to help address this problem. If developers code to these standards, which are designed to help ensure that all browsers interpret and display Web page code in the same way, then developers won’t need to make tradeoffs between efficiency, productivity, and the user experience. Instead, they can focus on delivering great experiences that work as intended in any browser.

The Contoso Traveler site has been designed to demonstrate CSS interoperability at work.
However, the Contoso Traveler Tips page was coded specifically for Internet Explorer 7.
It does not render well in other browsers including IE8 when it is operating in standards mode.
By using the “Compatibility View” feature in Internet Explorer 8, that site can be rendered correctly.

One key benefit of using AJAX is the ability to update the content on a Web page without a “full” round-trip between the browser and the Web server – and subsequently re-rendering the entire page. Instead, only data is exchanged (usually as XML) and a portion of the page is updated – such as on an online mapping site, enabling the user to zoom or pan within map.

However, in the past, this approach caused problems because browser components such as the address bar, and Forward/Back buttons only updated after the Web page is refreshed, having no way of tracking what’s happening within the page. As a result, AJAX content updates don’t get saved as navigations, browser components don’t get updated, and end users are left confused as to why browser features are stuck on older content. Some Web sites work around this limitation by navigating a hidden IFRAME while updating content using AJAX, which can decrease performance.

AJAX Navigation in Internet Explorer 8 enables developers to record activity for AJAX applications as navigations within the browser, helping them ensure that address bar and Forward/Back buttons work as the user would expect. In Internet Explorer 8 Standards Mode, the browser treats changes to window.location.hash as navigations, saving the previous document URL. As a result, the previous URL (which may be from the previous hash fragment) is updated in the address bar, Forward/Back buttons, and other browser components; a “click” sound plays, just as it does for traditional navigation; and a new hashChanged event will fire. The onhashchange event can be handled like any other window event, and Internet Explorer 8 will save the hash URL fragment before navigating away from the page.

Visit this site and use the map controls at the top of the page. Zoom in on the map, then use
the browser back button to navigate in reverse. You will see that the new IE8 AJAX
Navigation feature allows the browser to behave as the user would expect, taking them back
one zoom level rather than taking them back to a previous page.

Internet Explorer 7 has a built-in Search Box to the right of the Address Bar. When the user enters a search term, that term is passed from the Search Box to the user’s preferred search engine and the user is taken to search results Web page from that preferred provider.

The Search Box in Internet Explorer 8 looks similar, but it’s more helpful. As users type a search term, they can see real-time search suggestions from their chosen search provider, recommending common searches related to the text that is typed. Users can click on a suggestion at any time to immediately execute the search without having to type the entire word or phrase. Not only does this save time, but it increases the odds that the search results will be relevant.

Click here to install the Live Search enhanced instant search provider. Once installed, simply
enter a query in the Search Box to see the instant results.

In addition to Live Search, you can install the Amazon, eBay, Me.di.um,
New York Times, Wikipedia or Yahoo! enhanced instant search providers
to see results from other websites.