A First Look At Internet Explorer 8 RC1

bogaboga writes "TG Daily reports that Microsoft quietly released the first update to its IE8 beta 2 to its closest partners last week. This new version only scores a dismal 12/100 on the Acid 3 test, though the score improves significantly if one leaves the [browser] window open for at least a minute. It is marked as 'Release Candidate 1.'"

Some people STILL think they should use IE

[theaveng]

Like this guy: http://www.highdefforum.com/768120-post19.html

I don't know how someone can say "IE is not any more vulnerable" with a straight face. And it only scored 12/100 on compatibility tests? RUN from IE.

Re:Damn, did I really not know?

[will_die]

In Microsoft speak a RC is a feature complete product, parts are still buggy but the capabilities are in, they still reservice the right to add features but will not remove them.
Now that is not to say that things still will not change for instance with the release of parts of Office 2007 some products would work in the RC phase on Windows 2000 but come release they stopped working. However at that phase you can usally start developing for the new product and it will work on the release with at most minor changes.

Even simple HTML can crash IE8

[VJTod]

This simple HTML still crashes Beta2.  It will probably still crash the RTM.  This was a trick I found back in 2002.  I had reported it somewhere, but obviously nowhere important.

<table>
<tr>
<td><div style="width:100%;height:100%"/></td>
<td>
<div>
<span style="height:100%;width:50%">></td>
<span style="height:100%;width:50%">></td>
</div>
</td>
<td><div style="width:100%;height:100%"/></td>
</tr>
</table>

Re:Even simple HTML can crash IE8

[twistah]

This is a highly ignorant comment. A browser should never crash due to poorly written HTML, or due to anything. From the security angle, this is at least a DoS, but likely something more. Take a look at the IE7 0-day which is affecting millions of users. It is not a buffer overflow; it's a simple crash. However, because of JavaScript, one is able to manipulate ("spray") the heap enough to a point where even a simple crash can be used for code execution. ANY crash in a browser should be taken seriously.

Re:Good

[spinkham]

Actually, ~50 % of websites tested in the past year by WhiteHat Security. It's the best metric we currently have for security flaws, as WhiteHat has many customers across quite a few industries, and they are all automatically retested over time. It has little to do with the browser targeted, and everything to do with the web frameworks used, the knowledge of the programmers, and the testing or lack thereof most websites get before deployment.

If you check xssed.com you'll see that near 100% of websites have had XSS vulnerabilities in the past.

Re:Good

[spinkham]

IE8 gives a number of mechanisms for either you or Microsoft to request the legacy IE7 renderer for your website. is all it takes to not have to add IE 8 specific version of your website.

Re:Why It Takes an Extra Minute

[sexconker]

You COULDN'T care less.
You could not care any less, because you absolutely do not care.

If you COULD care less, then you care some non-minimal amount.

Re:Not following standards costs us

[jc364]

Actually, IE 8 passes the Acid 2 test (yes, they are last, but its an improvement). Not to mention that Microsoft contributed 2524 test cases to the CSS 2.1 test suite. I'm a web developer, and I know the horrors of developing for multiple browsers (especially IE), but I have to give Microsoft some credit for their interest in standards in this coming IE version.

Also, the acid tests are just one indicator of how well a browser does standards. To make it the defining standards test would not be completely fair. More info on that here.