« SabreDAV 0.3
Google and Yahoo start indexing SWF's »

IE8 comprehensive protection

2008-07-03 2:21 am 2 Comments and

Today on the IE blog a big announcement was made regarding the upcoming security features in Internet Explorer 8.

Definitely check it out! Among things it includes an XSS protection filter, HTML sanitizing built straight into the scripting engine and a way to disable the infamous 'content sniffing'. I'd still hope to see the content-sniffing 'feature' to be opt-in, instead of the proposed opt-out solution.. but hey, at least it allows us to plug the hole.

To serve files as text/plain, serve the document with the Content-Type header as:

  1. Content-Type: text/plain; authoritative=true;

I have to say, I'm quite impressed how IE is catching up with things like standards and security.

2 Responses to IE8 comprehensive protection

Feed for this Entry
  1. 632 Jorrit Schippers 2008-07-03 6:16 pm

    Is "authoritative=true; " a standard then?

  2. 633 Evert 2008-07-03 7:20 pm

    It's not, but at least it gives us a way to work around the security bug..

About

My name is Evert, and I've been writing semi-regularly on this blog since 2006.

I'm currently available for contract work.

more info.

Subscribe

Dropbox

Dropbox is a simple cross-platform online backup and sync application. The first 2GB of space is free, and both you and me get an extra 250MB extra space if you sign up through this link.