[MSFT:IE7] On Security, Compatibility, Extensibility, Community, and Open Source Syndication

by M. David Peterson

IEBlog : SSL, TLS and a Little ActiveX: How IE7 Strikes a Balance Between Security and Compatibility

Obsolete controls disabled through ActiveX opt-in

An important part of the ActiveX opt-in feature is doing good housekeeping of the ActiveX controls that come with Windows. Many sites will benefit from IE7's new native XMLHTTP control and sites can continue to use the MSXML 6.0 and 3.0 controls. The MSXML 5.0 control will not be enabled by default. The WMP 6.4 player is also disabled because its been replaced by the WMP 7 generation controls. As we can infer from HD Moore's month of browser bugs, using the newer controls and leaving older controls disabled helps reduce the chances of user being exposed to a security or stability issue in an older control.

Since this should be a straightforward change for most sites, we're asking for your help in moving your pages towards the native object XMLHTTP, the latest version of MSXML or the newer WMP control. In the best case scenario, the change might be to simply swap in the native object for XMLHTTP or the newer CLSID for the current WMP control.

There was a time that I had every desire and intention to stay closely attached with the development of IE7 and the RSS Web Feed engine via forums, blogs, and in some cases, email communication.

Why did that change?

ADD. My desire to overcome my ADD tendencies and actually place my primary focus on one of a bazillion and a half projects I have rolling around in my head at any given second, of any given day, month, week, year, and etc..

In other words,


Josh Peters
2006-10-18 18:27:36
IE7 still assumes that the object element is an ActiveX control, which sucks as it keeps this useful little container useless still.

Mark Pilgrim's article http://www.xml.com/pub/a/2003/07/02/dive.html still has relevancy even in IE7. This has been a bug since the beginning, and will it take designers harping about it for years (ala PNG transparency) to get it fixed?

Dear Microsoft IE team: when you do decide to begin implementing XHTML 2.0 (and XHTML 1 via the MIME type) please do it correctly, the way Opera, Safari, and FireFox handle object elements.

M. David Peterson
2006-10-18 18:38:02

It's a fair critique, and I agree... When they implement XHTML 2.0, lets hope the do it correctly, or not at all. Obviously there wouldn't be much point in doing it *ANY* other way than correctly, given that their current customer base (i.e. those in whom have sites that will only work correctly in IE) can't really complain about breaking something they don't even use.

M. David Peterson
2006-10-18 18:42:40
BTW... I don't think I could agree with you (and Mark Pilgrim) more in regards to the object tag. One of the tags that had/has? some of the greatest potential if properly implemented, and yet seems to be a forgotten has-been.