What's New in Internet Explorer 8
64-Bit Downloads
Internet Explorer now supports download of files whose size exceeds 4 gigabytes (GB). Users of Internet Explorer 8 can take advantage of this functionality by default. Third-party extensions need to implement IBindStatusCallbackEx and return BINDF2_READ_DATA_GREATER_THAN_4GB from their GetBindInfoEx callback method. Download progress is reported through OnProgress by using the BINDSTATUS_64BIT_PROGRESS flag. These callback methods are supported by IMoniker::BindToObject and IMoniker::BindToStorage.
Accelerators
Because the Internet has become increasingly interactive, Internet Explorer 8 makes it easier to interact with content on a Web page. Accelerators are a type of browser extensions that act on Web page content by sending the information to a service of the user's choosing. Services then perform actions on the content (such as "email" or "bookmark") or provide more information ("translate" or "map"). Users can install and access Accelerators from the browser shortcut menu, making their browsing experience more efficient.
For more information, see OpenService Accelerators Developer Guide.
Accessibility and ARIA
In response to the increase in user interface (UI) complexity on the Web, the Web Accessibility Initiative World Wide Web link group has defined a roadmap for Accessible Rich Internet Applications (ARIA), which introduces ways for Web site authors to define how custom UI elements are accessed. ARIA accomplishes this by defining a set of HTML attributes that map back to common UI controls. As a result, users with disabilities can access Web sites with a rich interaction model. By exposing ARIA through the Microsoft Active Accessibility API in Internet Explorer 8, assistive technologies that already use Microsoft Active Accessibility can also support ARIA easily.
* The alt attribute is no longer displayed as the image tooltip when the browser is running in IE8 mode. Instead, the target of the longDesc attribute is used as the tooltip if present; otherwise, the title is displayed. The alt attribute is still used as the Microsoft Active Accessibility name, and the title attribute is used as the fallback name only if alt is not present.
* ARIA attribute syntax is the same in both IE8 mode and IE7 mode. Earlier releases of Internet Explorer 8 required a legacy property syntax when setting ARIA attributes in compatibility view. For cross-browser compatibility, always use the WAI-ARIA attribute syntax to access and modify ARIA properties, for example object.setAttribute("aria-valuenow", newValue).
For more information, see:
* ARIA Implementation Guide for AT Vendors: Internet Explorer 8
* Mapping ARIA Roles, States, and Properties to UI Automation
* What's New for Accessibility in Internet Explorer 8
ActiveX Improvements
Internet Explorer 8 offers greater control over your Microsoft ActiveX installation and debugging.
* Per-site ActiveX Nearly half of all ActiveX controls meant to run on only one site do not use any form of site locking technology. This means that many controls are not secure by default and could be misused by malicious Web sites. To prevent this in Internet Explorer 8, users can decide whether to allow ActiveX controls to run on a site-by-site basis. For more information, see Per-Site ActiveX Controls.
* Non-administrator installation Standard users (those without administrator privileges) can install ActiveX controls to their user profiles without a UAC prompt or administrator involvement of any kind. In the event that a user does install a malicious ActiveX control, only the user profile is affected; the system itself is not compromised. For more information, see Non-Admin ActiveX Controls.
* ActiveX Logging Internet Explorer 8 can report the most common installation and instantiation failures, such as security restrictions preventing an ActiveX control from being instantiated properly. ActiveX logging is performed the same as other Internet Explorer compatibility logging, by using the Internet Explorer Application Compatibility Toolkit. For more information, see Using the Internet Explorer Compatibility Test Tool.
AJAX Enhancements
Asynchronous JavaScript and XML (AJAX) is changing the way Web applications are built. Internet Explorer 8 brings new functionality to the XMLHttpRequest object that enables AJAX applications.
* AJAX Navigation Client requests that do not trigger traditional Web page navigation can now update the hash property, which allows the Back button to function appropriately.
* Connection Events Where data reliability is a priority, AJAX applications can choose to save data locally if they are disconnected from a network. See onoffline, ononline.
* Connections Per Server Internet Explorer 8 raises the number of connections per host by default, for a potential drop in Web page load times and increased parallelism in AJAX scenarios.
* Cross-document Messaging Documents in different domains can securely exchange data using postMessage. Documents that receive messages listen for the onmessage event.
* Cross-domain Request (XDR) To allow developers to more safely combine services from different Web sites, the XDomainRequest object restricts and secures communication between untrusted modules in a Web page. The browser shields the user from potential threats while allowing powerful cross-site interaction.
* Timeout Requests Internet Explorer 8 adds the ability to set a timeout property on server requests.
* Sanitize HTML Easily remove event properties and script from HTML fragments with window.toStaticHTML.
* Native JSON Support JavaScript Object Notation (JSON) objects (used widely in AJAX scenarios) can now be serialized and parsed directly in Microsoft JScript. Use JSON.stringify to transform object data to a string and JSON.parse to revive JSON-formatted text. You can also fine-tune your object's output by implementing a toJSON method. These new methods are much faster than script, and safer than using eval.
Code Protection Best Practices, part 1
Microsoft Software Licensing and Protection (SLP) Code Protector provides ability to specify exactly what code to transform. This permits the developer to accomplish two things: balance the security of protected code against the performance of the application, and to reduce overhead in ways that no other code protection mechanism allows.
Protecting Critical Intellectual Property
When selecting code to protect, choose those classes and methods that have a high intellectual property component, or that are particularly vulnerable to hacking or reverse-engineering. These include the following:
- Staging or initialization methods that permit access to functionality you want to control.
- Methods that enforce licensing.
- Code that implements algorithms which are unique to the product.
- Code that contains information about the infrastructure of the enterprise: database connections, passwords, etc.
However, how you apply protection is as important as the content that needs the protection. As with any advanced technology, SLP Code Protector has advantages in performance depending on the level at which code protection is applied. In some cases, the level at which protection is applied can significantly lower the performance of an application.
Managing Performance
There are certain code protection scenarios where the performance of a protected application is slower than the unprotected versions. This is usually the result of applying protection to methods containing iterations of complex calculations. For example, executing a math operation on every pixel of a bitmap graphic as part of an image processing application would negatively affect performance.
To work around this limitation, we recommend applying protection to methods that are not computationally intensive. In cases where you want to control access to a computationally intensive method, you can protect “gateway” methods — that is you protect the non-computationally intensive methods that call the computationally intensive methods. Consider a scenario where you are applying protection to an image processing application. You have implemented an algorithm that sharpens the image to enhance the clarity of captured images. To access this feature, users click Sharpen from a menu. The method that performs the work contains the iterated complex math. However, if you apply protection to the menu item, Sharpen, you can control the use of the feature without having to protect the computationally intense sharpen method.
Posted in: Others .NET Framework| Tags: Code Protection Best Practice .NET