- Offline Favorites--Offline Favorites and Scheduled Offline Favorites have
been removed from Internet Explorer 7. Internet Explorer supports RSS feeds,
which provide scheduled updates to web content and offline reading of this
content. For more information about RSS Feeds, read the RSS Blog.
- Scriptlets--Internet Explorer 7 disables Dynamic HTML (DHTML) scriptlets
by default. (Scriptlets were deprecated in Internet Explorer 5). They can be
re-enabled by system administrators by changing URLActions with the Internet
Control Panel (INetCPL). The INetCPL text should read "Allow
Scriptlets." If your programs rely on scriptlets, we recommend that you
use DHTML behaviors, which are more efficient. Disabling scriptlets is part
of our continued work to ensure that unsupported technology is deemphasized
in Internet Explorer.
- ActiveX controls--The new Internet Explorer 7 ActiveX Opt-In feature
disables ActiveX controls on a user's machine. When the user encounters a
webpage with a disabled ActiveX control, they see an Information bar to
enable the control. Controls which were used in Internet Explorer 6 before
upgrading to Internet Explorer 7, along with some pre-approved controls, are
not disabled.
- Channel Definition Format (CDF)--All CDF support was removed from Internet
Explorer 7 and replaced with the RSS feed reading experience. Feeds that the
user is subscribed to are available to other applications through the RSS
Platform. For details, read the RSS Platform.
- DirectAnimation--All DLLs to support the Internet Explorer DirectAnimation
component were removed in Internet Explorer 7 RC1.
- XBM--Support for XBM, an imaging format designed for X-based systems, was
deleted.
- SSL--Support for weak SSL ciphers was removed from Windows Vista and
support for SSLv2 was disabled for Internet Explorer 7 on all platforms.
- Windowed Select--The Windowed Select Element was replaced by Windowless
Select in Internet Explorer 7. This results in some cosmetic changes.
- BASE Element--Internet Explorer 7 strictly enforces the BASE element rule,
as documented in the HTML 4.01 standard. We no longer allow BASE tags
outside of the HEAD of the document. The standard specifies that the base
element must appear within the head of the document, before any elements
that refer to an external source.
- window.opener and window.close--Internet Explorer 7 no longer allows the
window.opener trick to bypass the window.close prompt. Browser windows
cannot close themselves unless the windows were created in script. This
security enhancement no longer allows browsing to a random site when the
main browser window closes unexpectedly.
- Changes that affect modal or modeless dialogs created from script--Modal
or modeless dialogs created from script in Internet Explorer 7 might seem to
be slightly bigger than their Internet Explorer 6 counterparts. This is
caused by a change to the behavior of the dialogWidth and dialogHeight
properties, which now set and retrieve dimensions of the content area of a
dialog (from Internet Explorer 7 and onward). It will no longer be necessary
to calculate the area lost by components of a dialog’s frame.
- Generic Spoofing Risk Reduction in Internet Explorer 7--The window.prompt
script method is blocked and the gold Information bar is displayed by
default in Internet Zone for Internet Explorer 7. This is a new security
enhancement for Internet Explorer 7.
- WWW-Auth--Internet Explorer 7 changes the precedence rules for WWW-Auth.
Previous releases of Internet Explorer used the first header encountered.
Internet Explorer 7 uses the first header except when the header is Basic.
Internet Explorer 7 uses Basic authentication if no other authentication
mechanism is present.
- HTTPOnly Cookies--HTTPOnly cookies can no longer be overwritten from
scripts.
- _SEARCH--The _SEARCH sidebar is disabled by default in Internet
Explorer 7 RC1. It is now a setting in the advanced InetCPL and can be
turned on, using a URLAction.
- View Source--The view-source protocol no longer works in Internet Explorer
7 RC1.
- Gopher Protocol--Support for the Gopher protocol was removed at the
WinINET level. (Gopher support was turned off by default in Internet
Explorer 6.)
- window.external.ImportExportFavorites--window.external.ImportExportFavorites
has been removed in Internet Explorer 7 Beta.
- Telnet--The Telnet protocol handler is no longer supported in Internet
Explorer.
- SysImage URL Scheme--The SysImage URL Scheme has been removed from
Internet Explorer.
- Status Bar Scripting--Script will no longer be able to set the status bar
text through the window.status and window.defaultStatus methods by default
in the Internet and Restricted Zones. This small step helps prevent
attackers from leveraging those methods to spoof the status bar. To revert
to previous behavior and allow Script to set the status bar through
window.status and window.defaultStatus, follow these steps: Open Internet
Explorer, click the Tools button, click Internet Options, and then click the
Security tab. Click Internet or Restricted sites, and then click the Custom
level button. Scroll down to Allow status bar updates via script, select
Enable, and then click OK until you return to Internet Explorer.
- Security Settings for Script Access to the Clipboard--New security-related
updates for Microsoft Internet Explorer 7 include a change in the default
security settings for Script Access to the clipboard. Sites using scripts to
access the clipboard in the Internet and Trusted sites zones will receive a
prompt that will inform the user that their clipboard is being accessed by
script. The prompt will require user permission to continue. This is
designed to prevent the possibility of information disclosure through script
access to the clipboard.
- Installing Internet Explorer 7 RC1 with Windows 2003 SP1--The homepage
will be reset to the secure page (res://shdoclc.dll/softAdmin.htm).
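
The WWW-Auth precedence change in the list above, modeled as an added example (not Microsoft's code or part of the original notes). It reads "uses the first header except when the header is Basic" as "first non-Basic header, falling back to Basic"; the function names and sample challenges are constructed for illustration.

```javascript
// Added example: a model of the WWW-Auth precedence rule from the list above.
// Each array entry is the value of one WWW-Authenticate response header,
// in the order the server sent them.

// Extract the scheme token (e.g. "Basic", "NTLM") from one header value.
function schemeOf(headerValue) {
  const m = /^\s*([^\s,=]+)/.exec(headerValue || "");
  return m ? m[1] : null;
}

// Previous releases: the first header encountered wins.
function pickLegacy(headers) {
  for (const h of headers) {
    const s = schemeOf(h);
    if (s) return s;
  }
  return null;
}

// Internet Explorer 7: the first header wins unless it is Basic;
// Basic is used only when no other mechanism is offered.
function pickIE7(headers) {
  let basic = null;
  for (const h of headers) {
    const s = schemeOf(h);
    if (!s) continue;
    if (s.toLowerCase() !== "basic") return s; // scheme names are case-insensitive
    if (basic === null) basic = s;
  }
  return basic;
}

// Report where the two rules disagree, i.e. where the older rule would
// have chosen Basic although another mechanism was offered.
function audit(headers) {
  const legacy = pickLegacy(headers);
  const ie7 = pickIE7(headers);
  return { legacy, ie7, differs: legacy !== ie7 };
}

// Constructed sample challenges (hypothetical, not taken from the notes).
const SAMPLES = {
  basicFirst: ['Basic realm="intranet"', "Negotiate", "NTLM"],
  ntlmFirst: ["NTLM", 'Basic realm="intranet"'],
  basicOnly: ['basic realm="intranet"'],
};
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(audit(headers)));
}
```

Running it over a server's actual challenge order shows whether clients on the older rule would have selected Basic while a stronger mechanism was available.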