 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
| HomeDiscussion GroupsGeneralPHPASPPerlColdFusionFlashHTML, CSS, ScriptsBrowsers |
Webmaster Forum / HTML, CSS, Scripts / CSS / May 2006IE7 bugs reported - anyone like to support them?
Hello, Having discovered what I believe to be two CSS bugs in IE7, I have submitted bug reports to MS. AFAIK, these don't get acted on until they receive votes form others to say they are worth investigating. As (I naively assume) it's in everyone's interest to see IE7 support CSS properly, would anyone care to vote for these bugs, so that they might get fixed before IE7 comes out of beta? The bug IDs are 79985 and 79991 and you can find direct links to them below (you'll need to log in with a passport account). Thanks https://connect.microsoft.com/feedback/ViewFeedback.aspx?SiteID=136&FeedbackID=79991 https://connect.microsoft.com/feedback/ViewFeedback.aspx?SiteID=136&FeedbackID=79985  SignatureAlan Silver (anything added below this line is nothing to do with me) > Having discovered what I believe to be two CSS bugs in IE7, I have > submitted bug reports to MS. AFAIK, these don't get acted on until they > receive votes form others to say they are worth investigating. AIUI they're not gonna do anything with CSS anymore before the final version, but I could be mistaken. > As (I naively assume) it's in everyone's interest to see IE7 support CSS > properly, would anyone care to vote for these bugs, so that they might > get fixed before IE7 comes out of beta? Are you sure these are bugs that aren't discovered before already? Have a look through these for example: http://www.quirksmode.org/bugreports/archives/explorer_7_beta_2/index.html http://css-discuss.incutio.com/?page=IE7 > The bug IDs are 79985 and 79991 and you can find direct links to them > below (you'll need to log in with a passport account). > > https://connect.microsoft.com/feedback/ViewFeedback.aspx?SiteID=136&FeedbackID=79991 > https://connect.microsoft.com/feedback/ViewFeedback.aspx?SiteID=136&FeedbackID=79985 No, you need to log in with your passport account, then accept a very long page with terms of something, and then register with name etc. Sorry, too much work - can't you just explain about the bugs here? Or better: give links to your test pages? Someone might be able to confirm they're actual (new) bugs, or explain why they aren't. SignatureEls http://locusmeus.com/ accessible web design: http://locusoptimus.com/ >> Having discovered what I believe to be two CSS bugs in IE7, I have >> submitted bug reports to MS. AFAIK, these don't get acted on until they >> receive votes form others to say they are worth investigating. > >AIUI they're not gonna do anything with CSS anymore before the final >version, but I could be mistaken. Oh, what a shame. I was hoping that by reporting the bugs, they might try and fix them before the final release. >> As (I naively assume) it's in everyone's interest to see IE7 support CSS >> properly, would anyone care to vote for these bugs, so that they might [quoted text clipped - 4 lines] >http://www.quirksmode.org/bugreports/archives/explorer_7_beta_2/index.html >http://css-discuss.incutio.com/?page=IE7 Yup, AFAICS neither of these bugs appear in either of those lists. More to the point, even if they did, MS are only likely to take notice of bugs reported via their own feedback system. I don't imagine they go around reading every blog and bug list on the web. >> The bug IDs are 79985 and 79991 and you can find direct links to them >> below (you'll need to log in with a passport account). [quoted text clipped - 8 lines] >long page with terms of something, and then register with name etc. >Sorry, too much work Pain isn't it? Still, it didn't actually take very long, especially if you already have a passport account, and you only have to do it the once. > - can't you just explain about the bugs here? Or >better: give links to your test pages? Someone might be able to >confirm they're actual (new) bugs, or explain why they aren't. I have previously discussed the bugs here and elsewhere, and am certain that they are bugs. I wasn't posting in order to ask for help, I was hoping that others would support them as genuine bugs worthy of attention, so that MS might take notice of them and try and fix them. That is what their feedback system is for. Ta ra SignatureAlan Silver (anything added below this line is nothing to do with me) > As (I naively assume) it's in everyone's interest to see IE7 support > CSS properly, would anyone care to vote for these bugs, so that they > might get fixed before IE7 comes out of beta? As far as I'm concerned, MS have documented their deliberate violation of mandatory requirements of the interworking protocols, and by doing so have themselves ruled out IE as a world wide web browser. Whoever chooses to use it as one is welcome to whatever they get when they browse pages that are made for the WWW. I don't normally go out of my way to provoke it[1], but neither am I willing to go out of my way to pander to it - and that includes acting as an unpaid debugger. It's not as if they don't get enough income to do their own testing. ttfn [1] except for the purposes of demonstration, anyway. What /does/ 7beta do when confronted by this URL, by the way? http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg >> As (I naively assume) it's in everyone's interest to see IE7 support >> CSS properly, would anyone care to vote for these bugs, so that they [quoted text clipped - 3 lines] >of mandatory requirements of the interworking protocols, and by doing >so have themselves ruled out IE as a world wide web browser. Maybe, but it's still far and away the most widely-used browser, and is likely to remain so. Therefore, it is in our own interests to try and persuade them to improve it to the point of being at least compliant with the W3C recommendations. It would save us a lot of time and trouble if IE actually displayed our pages how they should be. >Whoever chooses to use it as one is welcome to whatever they get when >they browse pages that are made for the WWW. But the vast majority of people don't *choose* to use it, they use it simply because it comes preinstalled with Windows, and they do not know of any reason to think about using anything else. I don't know if you have tried convincing a non-technical PC user to ditch IE and move to another browser, but I have and it was very hard work. Their attitude was that IE works, so why bother installing something else. Truth is, from a non-technical user's point of view, IE works far better than any other browser, due to the vast number of web pages that were written with IE in mind. Many pages that were written by people who understand standards don't actually look as good in IE. As far as your Joe Public is concerned, he has no reason to move away from something that he perceives as working, to install something that he perceives as giving him a poorer browser experience. That's not to say that I agree with this, but it's a reality. I don't use IE for general browsing, but I recognise that I have to cater for it if I want to write pages for the WWW. I would love to ignore IE and write for compliant browsers only, but I don't think I'd be in business for very long <g> > I don't normally go out >of my way to provoke it[1], but neither am I willing to go out of my >way to pander to it - and that includes acting as an unpaid debugger. >It's not as if they don't get enough income to do their own testing. Maybe, maybe not. I don't really care. I just know that's it's buggy, and MS have provided a way for us to give feedback. I'm trying to use that method to push them into fixing two bugs I have found. I prefer that to sticking my head in the sand and pretending that IE doesn't exist. This is not a criticism, but I just don't think your attitude is realistic, even though I agree with you in principle. Ta ra >ttfn > >[1] except for the purposes of demonstration, anyway. What /does/ >7beta do when confronted by this URL, by the way? >http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg It shows a little pop-up with a cheeky message!! What was the point? SignatureAlan Silver (anything added below this line is nothing to do with me) > Alan J. Flavell <flavell@physics.gla.ac.uk> writes ... > > Whoever chooses to use it as one is welcome to whatever they get > > when they browse pages that are made for the WWW. > > But the vast majority of people don't *choose* to use it, they use > it simply because it comes preinstalled with Windows, and they do > not know of any reason to think about using anything else. Based on what you're saying, *you* don't seem to believe that MSIE is capable of browsing pages made for the WWW. I don't really think it's as bad as that. The problems lie elsewhere, for the most part. > I don't know if you have tried convincing a non-technical PC user to > ditch IE and move to another browser, but I have and it was very > hard work. This is no concern of mine. They're welcome to do what they please, but they mustn't expect me to be their nanny. In so far as IE can browse WWW pages, they get what they get. > > [1] except for the purposes of demonstration, anyway. What /does/ > > 7beta do when confronted by this URL, by the way? > > http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg > > It shows a little pop-up with a cheeky message!! What was the point? The point was RFC2616 section 7.2.1 http://www.w3.org/Protocols/rfc2616/rfc2616-sec7.html#sec7.2.1 This is authoritatively an image/jpeg content: our swerver says so. The actual content body doesn't even *claim* to be HTML: it merely contains enough pointy brackets to confuse IE into interpreting as such. The active content (in this case, client-side jscript and a meta refresh) that has been smuggled through to IE, and which IE has uncritically executed, could have been designed more maliciously than the relatively harmless joke which I put there. It's no wonder that the gormless IE users, whom you seem so keen to find excuses for in the name of "being realistic", are so easily infected with viruses and trojans, and turned into zombie farms. <snip> >Based on what you're saying, *you* don't seem to believe that MSIE is >capable of browsing pages made for the WWW. I don't really think it's >as bad as that. The problems lie elsewhere, for the most part. I never said that, nor did I mean it. >> I don't know if you have tried convincing a non-technical PC user to >> ditch IE and move to another browser, but I have and it was very [quoted text clipped - 3 lines] >but they mustn't expect me to be their nanny. In so far as IE can >browse WWW pages, they get what they get. Well, I'm in business, I need to support whatever people use. Most people use IE, therefore I need to support it. Thus, it is in my interest (as I believe most people here) for IE to improve as much as possible. Note also that I was merely pointing out that the current predominance of IE is unlikely to change. Whether that is right or wrong is academic. <snip> >It's no wonder that the gormless IE users, whom you seem so keen to >find excuses for in the name of "being realistic", I take exception to your describing the vast majority of PC users as gormless. Merely because they do not share our technical interest in standards-based web design (why should they?), they should not be classed as gormless. Their use of IE is based on them not having any knowledge of why they might be better off with something else. That does not show a lack of gorm, it shows that they have not been educated. I pointed out that the task of education is so great, that it is a fairly pointless thing to take on. Furthermore, I am not "finding excuses" for people, I am describing a reality. Whether the reasons for using IE are good or bad, they are real. > are so easily >infected with viruses and trojans, and turned into zombie farms. AFAIK, the vast majority of viruses that get into people's machines are not introduced via IE. E-mail and dodgy downloads seem to account for far more than IE. Not that this is the slightest bit relevant anyway. Anyway, I didn't come here to argue, nor do I intend to do so. I respect your opinion, although retain my right to disagree with it as stated. To me, it is in our interest to try and persuade MS to improve IE. If you don't agree, then that's up to you. Ta ra SignatureAlan Silver (anything added below this line is nothing to do with me) To further the education of mankind, "Alan J. Flavell" <flavell@physics.gla.ac.uk> vouchsafed: >> > [1] except for the purposes of demonstration, anyway. What /does/ >> > 7beta do when confronted by this URL, by the way? [quoted text clipped - 19 lines] > find excuses for in the name of "being realistic", are so easily > infected with viruses and trojans, and turned into zombie farms. Is this IE7 only? In IE6 I get (onscreen): <title>Take Cover</title> <meta http-equiv=refresh content="1; URL=http://ppewww.ph.gla.ac.uk/~flavell/tests/tests.txt"> <body onload="alert('Boo! ... All your base are belong to us.')"> IOWs, no redirect or js. SignatureNeredbojias Infinity has its limits. > Is this IE7 only? I guess it depends on your settings in IE6. > In IE6 I get (onscreen): > [quoted text clipped - 4 lines] > > <body onload="alert('Boo! ... All your base are belong to us.')"> Well, that's the content of the spoof JPG file alright. But on IE6 I get a security alert telling me that scripts are mostly harmless, and inviting me to proceed (many users wouldn't even have configured that, I suppose), and if I consent, then it does the js, after which it does the refresh. Hmmm, that was in Win2k. On an independent copy of IE6 in XP SP2, which incidentally has been configured to "trust" our web server, there's no security alert, it goes directly to the jscript-ed alert, after which it does the refresh. > IOWs, no redirect or js. It sounds as if you have yours configured more safely than many another user, then... But it looks as if yours has decided to display it as plain text, despite having been told that it's a JPEG image. Which is at least safer than parsing it as HTML. I still say that Mozilla (which announces that the image cannot be displayed because it contains errors) and Opera (which displays an [IMAGE] placeholder where the broken image should have been) are behaving to the spirit of RFC2616. Deciding to do something for the good of humanity, "Alan J. Flavell" <flavell@physics.gla.ac.uk> declared in comp.infosystems.www.authoring.stylesheets: > I still say that Mozilla (which announces that the image cannot be > displayed because it contains errors) and Opera (which displays an > [IMAGE] placeholder where the broken image should have been) are > behaving to the spirit of RFC2616. FWIW, my copy of Firefox (1.5) just displays the URI as text - if I look at the properties of the "page", it claims that this is what the alt text of the image says. SignatureMark Parnell My Usenet is improved; yours could be too: http://blinkynet.net/comp/uip5.html > Deciding to do something for the good of humanity, "Alan J. Flavell" > <flavell@physics.gla.ac.uk> declared in [quoted text clipped - 6 lines] > > FWIW, my copy of Firefox (1.5) just displays the URI as text That's odd - thanks for the report. It seems to be version-dependent. To further the education of mankind, "Alan J. Flavell" <flavell@physics.gla.ac.uk> vouchsafed: >> Is this IE7 only? > [quoted text clipped - 28 lines] > despite having been told that it's a JPEG image. Which is at least > safer than parsing it as HTML. Yes, and I could have easily reset a few things in the past, but darned if I remember what. > I still say that Mozilla (which announces that the image cannot be > displayed because it contains errors) and Opera (which displays an > [IMAGE] placeholder where the broken image should have been) are > behaving to the spirit of RFC2616. FYI, I also get the same response as Mark Parnell in ff. (WinXP Sp2 w/ all updates.) SignatureNeredbojias Infinity has its limits. > [1] except for the purposes of demonstration, anyway. What /does/ > 7beta do when confronted by this URL, by the way? > http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg It is not a bug, it is a completely correct behavior for HTTP. You asked for a document spoof.jpg. At the moment of the initial request UA has no means to know if it's an image, HTML document or some all new electronic format requiring a plugin to install. It doesn't know it as file extension is meaningless in HTTP: it doesn't prove anything and it doesn't imply anything. Your server reported this resource to be Content-Type of text/html. Any standard compliant UA has to try to render it as text/html. It is a very common mistake though to transfer Windows file extension schemas onto Web. See more at: <http://groups.google.com/group/comp.infosystems.www.authoring.html/tree/browse_f rm/thread/90b0fb057ff808f4/2bd5a9bc6dab7dd6?rnum=11&hl=en&_done=%2Fgroup%2Fcomp. infosystems.www.authoring.html%2Fbrowse_frm%2Fthread%2F90b0fb057ff808f4%2F%3Fhl% 3Den%26#doc_bffe6ec35225b386> Alan J. Flavell wrote: >> [1] except for the purposes of demonstration, anyway. What /does/ >> 7beta do when confronted by this URL, by the way? >> http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg > Your server reported this resource to be > Content-Type of text/html. Any standard compliant UA has to try to > render it as text/html. Are you sure? When I request it, the server identifies it as Content-Type: image/jpeg Any compliant web browser will treat it as a (broken) JPEG image. Anything that treats it as HTML is broken. SignatureDarin McGrew, mcgrew@stanfordalumni.org, http://www.rahul.net/mcgrew/ Web Design Group, darin@htmlhelp.com, http://www.HTMLHelp.com/ "If you loan $20 to someone you never see again, it was probably worth it." > > Your server reported this resource to be > > Content-Type of text/html. Any standard compliant UA has to try to [quoted text clipped - 3 lines] > > Content-Type: image/jpeg It is? Sorry then. > Any compliant web browser will treat it as a (broken) JPEG image. Anything > that treats it as HTML is broken. Full ACK. I guess IE yet didn't have enough of security exploits over spoofed images. After several major outbreaks they at least fixed the hole for <img> element <body> <!-- this will not work --> <img src="http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg"> </body> Well, just another reason do not use IE: not even out of love to standards, but out of primitive security considerations. P.S. To OP: I don't see big reason to file bugs to MSDN on this particular issue. I presume (possibly wrongly) that the basic HTTP mechanics is known to them. It took seven majot security outbreaks on Win XP with spoofed images: then they funally fix it more-or-less properly for <img>. Another few outbreaks - and they will fix this one too. It is another common sense practice: never migrate on newer IE until at least the first service pack is released with the most crutial security fixes. >>> Your server reported this resource to be >>> Content-Type of text/html. Any standard compliant UA has to try to [quoted text clipped - 4 lines] > > It is? Sorry then. That was a quick retreat. Had you asserted, "Your server reported this resource to be Content-Type of text/html", without checking that that was so? >P.S. To OP: I don't see big reason to file bugs to MSDN on this >particular issue. I didn't, I reported two CSS bugs to them. This issue was introduced by Mr Flavell, who was demonstrating that IE is full of security holes. Not sure why he felt he needed to prove that as we all know its security is as good as its CSS, but I've given up on this thread. I was trying to help us all out and got flamed for it. SignatureAlan Silver (anything added below this line is nothing to do with me) >VK writes > >P.S. To OP: I don't see big reason to file bugs to MSDN on this [quoted text clipped - 5 lines] > as good as its CSS, but I've given up on this thread. I was trying to > help us all out and got flamed for it. Sorry then. As your OP did not describe the nature of filed bugs, I tried to get it out of the thread. The OT-flood is a killer...much worser then non-proper quoting btw. I have a problem with the links though: "Error: The page you have requested is unavailable or you do not have access." (I furfilled the Microsoft Connect registration). >>VK writes >> >P.S. To OP: I don't see big reason to file bugs to MSDN on this [quoted text clipped - 9 lines] >tried to get it out of the thread. The OT-flood is a killer...much >worser then non-proper quoting btw. Agreed. >I have a problem with the links though: >"Error: The page you have requested is unavailable or you do not have >access." > >(I furfilled the Microsoft Connect registration). Hmm, looking at the list of available programs, I can't see the one for IE. I wonder if they took it off in the last day or so. Try going to http://connect.microsoft.com/ and clicking on the "Available programs" link. This will require you to log into Passport. Once you are taken to the programs list, copy https://connect.microsoft.com/feedback/default.aspx?SiteID=136 into your browser address bar. That takes you to the IE feedback page. If you enter 79985 or 79991 as IDs, you can see the two bug reports. I'm not happy that they've taken IE off the programs list. That sounds like they've stopped feedback and are going ahead with what they have. That means we'll get another buggy IE for the next few years. Ho hum, I was really hoping they'd get it right this time. Wrong again ;-( Ta ra SignatureAlan Silver (anything added below this line is nothing to do with me) > Your server reported this resource to be Content-Type of text/html. > Any standard compliant UA has to try to render it as text/html. Negative, Spock; you are wrong again. The server is reporting it as image/jpeg. That's the whole point. SignatureJack. |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.