IE8 Release Candidate

Yow-Hann Lee — Thu, 05 Feb 2009 10:53:58 GMT

Been playing around with IE8 RC for the last couple days and am pleased with the upgrade from IE8 Beta.

The features are well publicized on IEBlog: Overview of Platform Improvements in IE8 RC1; it’s not really the web slices and accelerators that are of interest.

Two favorites thus far:

1. Debugger/Profiler

You no longer need Visual Studio or to download a script debugger separately. It has all the features you know and love from IE Dev Toolbar along with a decent script debugger/profiler.

2. XDomainRequest

Will be interesting to see how this pans out.

Other notable include the security and performance improvements since Beta. Perhaps this will help recover some of IE's lost market share?

ACE Team releases XSSDetect BETA

Yow-Hann Lee — Wed, 21 Nov 2007 11:43:12 GMT

XSSDetect can be downloaded at: http://www.microsoft.com/downloads/details.aspx?FamilyID=19a9e348-bdb9-45b3-a1b7-44ccdcb7cfbe&displaylang=en

A couple of findings so far:

1. Do not try this when you're opening large solutions or are low on memory. If you do have a large solution with countless project files, you can remove the non-web projects from the targets list. However, this still does not resolve the issue and Visual Studio will consistently crash when XSSDetect attempts to analyze.
Amount of available memory: x
Amount of memory required: x

2. To test out the accuracy of their code analysis, I removed some untrusted input handling. For querystring input, you then come across tips to "Use the Anti-XSS library to properly encode the data before rendering it". No, this is not a complete plug that you MUST download and use Microsoft's Anti-Cross Site Scripting Library V1.5. In this particular case, you can re-add Server.HtmlEncode via HttpUtility to achieve the same effect and remove these types of high confidence level errors. Note that the implementations of AntiXSS is just a touch different.

This tool definitely shows potential; unfortunately, you only get 60 days to play around with it as it has a short expiration date.

Security

IE8 Release Candidate

ACE Team releases XSSDetect BETA