When web developers talk about a browser release, they inevitably concentrate their attention on changes to the way it renders their pages. So most of the talk about Internet Explorer 7 has focused on issues like conditional comments and so forth. But how many people are aware of the changes to the security model in IE7, and its potential effect on existing and future development?
I was recently made aware of one apparently small change that will likely affect many thousands of sites, but which doesn’t seem to have been given much coverage. It seems that in IE7, the default security settings now prevent use of the ‘prompt’ dialogue box. Instead, the user is presented with a warning that the site is trying to use a ‘scripted window’ and asking for permission to display it.
Now this might seem a trivial point — the user just has to grant permission and all is hunky-dory — but it’s not that simple. For a start, a novice user will more than likely be uncertain what a ‘scripted window’ is, and whether it’s safe to allow it or not. And that effectively means that the prompt dialogue is now useless, and should be removed wherever it is used.
What’s frustrating about this is that the reason for the change is not clear, even if you read the official line: it sounds as much as anything like the developers became aware of a potential security problem, couldn’t think of a smart solution and so just went ahead with the first thing that came into their heads. And the behaviour might even change again in the future.
All of which makes me even more uncertain about what other changes have been made that might break existing sites, that I’m not even aware of yet. If you too are worried, there are various resources out there with information on the changes. But for me, it looks like I’m going to be spending a fair amount of time sifting through old code just to make sure.