By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,071 Members | 1,244 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,071 IT Pros & Developers. It's quick & easy.

IE7 bugs reported - anyone like to support them?

P: n/a
Hello,

Having discovered what I believe to be two CSS bugs in IE7, I have
submitted bug reports to MS. AFAIK, these don't get acted on until they
receive votes form others to say they are worth investigating.

As (I naively assume) it's in everyone's interest to see IE7 support CSS
properly, would anyone care to vote for these bugs, so that they might
get fixed before IE7 comes out of beta?

The bug IDs are 79985 and 79991 and you can find direct links to them
below (you'll need to log in with a passport account).

Thanks

https://connect.microsoft.com/feedba...edbackID=79991
https://connect.microsoft.com/feedba...edbackID=79985

--
Alan Silver
(anything added below this line is nothing to do with me)
May 29 '06 #1
Share this Question
Share on Google+
19 Replies


P: n/a
Els
Alan Silver wrote:
Having discovered what I believe to be two CSS bugs in IE7, I have
submitted bug reports to MS. AFAIK, these don't get acted on until they
receive votes form others to say they are worth investigating.
AIUI they're not gonna do anything with CSS anymore before the final
version, but I could be mistaken.
As (I naively assume) it's in everyone's interest to see IE7 support CSS
properly, would anyone care to vote for these bugs, so that they might
get fixed before IE7 comes out of beta?
Are you sure these are bugs that aren't discovered before already?
Have a look through these for example:
http://www.quirksmode.org/bugreports...a_2/index.html
http://css-discuss.incutio.com/?page=IE7
The bug IDs are 79985 and 79991 and you can find direct links to them
below (you'll need to log in with a passport account).

https://connect.microsoft.com/feedba...edbackID=79991
https://connect.microsoft.com/feedba...edbackID=79985


No, you need to log in with your passport account, then accept a very
long page with terms of something, and then register with name etc.
Sorry, too much work - can't you just explain about the bugs here? Or
better: give links to your test pages? Someone might be able to
confirm they're actual (new) bugs, or explain why they aren't.

--
Els http://locusmeus.com/
accessible web design: http://locusoptimus.com/
May 29 '06 #2

P: n/a
On Mon, 29 May 2006, Alan Silver wrote:
As (I naively assume) it's in everyone's interest to see IE7 support
CSS properly, would anyone care to vote for these bugs, so that they
might get fixed before IE7 comes out of beta?


As far as I'm concerned, MS have documented their deliberate violation
of mandatory requirements of the interworking protocols, and by doing
so have themselves ruled out IE as a world wide web browser.

Whoever chooses to use it as one is welcome to whatever they get when
they browse pages that are made for the WWW. I don't normally go out
of my way to provoke it[1], but neither am I willing to go out of my
way to pander to it - and that includes acting as an unpaid debugger.
It's not as if they don't get enough income to do their own testing.

ttfn

[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg
May 29 '06 #3

P: n/a
In article <7g*****************************@40tude.net>, Els
<el*********@tiscali.nl> writes
Alan Silver wrote:
Having discovered what I believe to be two CSS bugs in IE7, I have
submitted bug reports to MS. AFAIK, these don't get acted on until they
receive votes form others to say they are worth investigating.
AIUI they're not gonna do anything with CSS anymore before the final
version, but I could be mistaken.


Oh, what a shame. I was hoping that by reporting the bugs, they might
try and fix them before the final release.
As (I naively assume) it's in everyone's interest to see IE7 support CSS
properly, would anyone care to vote for these bugs, so that they might
get fixed before IE7 comes out of beta?


Are you sure these are bugs that aren't discovered before already?
Have a look through these for example:
http://www.quirksmode.org/bugreports...a_2/index.html
http://css-discuss.incutio.com/?page=IE7


Yup, AFAICS neither of these bugs appear in either of those lists. More
to the point, even if they did, MS are only likely to take notice of
bugs reported via their own feedback system. I don't imagine they go
around reading every blog and bug list on the web.
The bug IDs are 79985 and 79991 and you can find direct links to them
below (you'll need to log in with a passport account).
https://connect.microsoft.com/feedba...SiteID=136&Fee
dbackID=79991

https://connect.microsoft.com/feedba...SiteID=136&Fee
dbackID=79985


No, you need to log in with your passport account, then accept a very
long page with terms of something, and then register with name etc.
Sorry, too much work


Pain isn't it? Still, it didn't actually take very long, especially if
you already have a passport account, and you only have to do it the
once.
- can't you just explain about the bugs here? Or
better: give links to your test pages? Someone might be able to
confirm they're actual (new) bugs, or explain why they aren't.


I have previously discussed the bugs here and elsewhere, and am certain
that they are bugs. I wasn't posting in order to ask for help, I was
hoping that others would support them as genuine bugs worthy of
attention, so that MS might take notice of them and try and fix them.
That is what their feedback system is for.

Ta ra

--
Alan Silver
(anything added below this line is nothing to do with me)
May 30 '06 #4

P: n/a
In article <Pi*******************************@ppepc20.ph.gla. ac.uk>,
Alan J. Flavell <fl*****@physics.gla.ac.uk> writes
On Mon, 29 May 2006, Alan Silver wrote:
As (I naively assume) it's in everyone's interest to see IE7 support
CSS properly, would anyone care to vote for these bugs, so that they
might get fixed before IE7 comes out of beta?
As far as I'm concerned, MS have documented their deliberate violation
of mandatory requirements of the interworking protocols, and by doing
so have themselves ruled out IE as a world wide web browser.


Maybe, but it's still far and away the most widely-used browser, and is
likely to remain so. Therefore, it is in our own interests to try and
persuade them to improve it to the point of being at least compliant
with the W3C recommendations. It would save us a lot of time and trouble
if IE actually displayed our pages how they should be.
Whoever chooses to use it as one is welcome to whatever they get when
they browse pages that are made for the WWW.
But the vast majority of people don't *choose* to use it, they use it
simply because it comes preinstalled with Windows, and they do not know
of any reason to think about using anything else.

I don't know if you have tried convincing a non-technical PC user to
ditch IE and move to another browser, but I have and it was very hard
work. Their attitude was that IE works, so why bother installing
something else. Truth is, from a non-technical user's point of view, IE
works far better than any other browser, due to the vast number of web
pages that were written with IE in mind. Many pages that were written by
people who understand standards don't actually look as good in IE. As
far as your Joe Public is concerned, he has no reason to move away from
something that he perceives as working, to install something that he
perceives as giving him a poorer browser experience.

That's not to say that I agree with this, but it's a reality. I don't
use IE for general browsing, but I recognise that I have to cater for it
if I want to write pages for the WWW. I would love to ignore IE and
write for compliant browsers only, but I don't think I'd be in business
for very long <g>
I don't normally go out
of my way to provoke it[1], but neither am I willing to go out of my
way to pander to it - and that includes acting as an unpaid debugger.
It's not as if they don't get enough income to do their own testing.
Maybe, maybe not. I don't really care. I just know that's it's buggy,
and MS have provided a way for us to give feedback. I'm trying to use
that method to push them into fixing two bugs I have found. I prefer
that to sticking my head in the sand and pretending that IE doesn't
exist. This is not a criticism, but I just don't think your attitude is
realistic, even though I agree with you in principle.

Ta ra
ttfn

[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg


It shows a little pop-up with a cheeky message!! What was the point?

--
Alan Silver
(anything added below this line is nothing to do with me)
May 30 '06 #5

P: n/a
On Tue, 30 May 2006, Alan Silver wrote:
Alan J. Flavell <fl*****@physics.gla.ac.uk> writes ....
Whoever chooses to use it as one is welcome to whatever they get
when they browse pages that are made for the WWW.


But the vast majority of people don't *choose* to use it, they use
it simply because it comes preinstalled with Windows, and they do
not know of any reason to think about using anything else.


Based on what you're saying, *you* don't seem to believe that MSIE is
capable of browsing pages made for the WWW. I don't really think it's
as bad as that. The problems lie elsewhere, for the most part.
I don't know if you have tried convincing a non-technical PC user to
ditch IE and move to another browser, but I have and it was very
hard work.


This is no concern of mine. They're welcome to do what they please,
but they mustn't expect me to be their nanny. In so far as IE can
browse WWW pages, they get what they get.
[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg


It shows a little pop-up with a cheeky message!! What was the point?


The point was RFC2616 section 7.2.1
http://www.w3.org/Protocols/rfc2616/....html#sec7.2.1

This is authoritatively an image/jpeg content: our swerver says so.

The actual content body doesn't even *claim* to be HTML: it merely
contains enough pointy brackets to confuse IE into interpreting as
such.

The active content (in this case, client-side jscript and a meta
refresh) that has been smuggled through to IE, and which IE has
uncritically executed, could have been designed more maliciously than
the relatively harmless joke which I put there.

It's no wonder that the gormless IE users, whom you seem so keen to
find excuses for in the name of "being realistic", are so easily
infected with viruses and trojans, and turned into zombie farms.
May 30 '06 #6

P: n/a
In article <Pi*******************************@ppepc20.ph.gla. ac.uk>,
Alan J. Flavell <fl*****@physics.gla.ac.uk> writes
<snip>
Based on what you're saying, *you* don't seem to believe that MSIE is
capable of browsing pages made for the WWW. I don't really think it's
as bad as that. The problems lie elsewhere, for the most part.
I never said that, nor did I mean it.
I don't know if you have tried convincing a non-technical PC user to
ditch IE and move to another browser, but I have and it was very
hard work.


This is no concern of mine. They're welcome to do what they please,
but they mustn't expect me to be their nanny. In so far as IE can
browse WWW pages, they get what they get.


Well, I'm in business, I need to support whatever people use. Most
people use IE, therefore I need to support it. Thus, it is in my
interest (as I believe most people here) for IE to improve as much as
possible.

Note also that I was merely pointing out that the current predominance
of IE is unlikely to change. Whether that is right or wrong is academic.

<snip>It's no wonder that the gormless IE users, whom you seem so keen to
find excuses for in the name of "being realistic",
I take exception to your describing the vast majority of PC users as
gormless. Merely because they do not share our technical interest in
standards-based web design (why should they?), they should not be
classed as gormless. Their use of IE is based on them not having any
knowledge of why they might be better off with something else. That does
not show a lack of gorm, it shows that they have not been educated. I
pointed out that the task of education is so great, that it is a fairly
pointless thing to take on.

Furthermore, I am not "finding excuses" for people, I am describing a
reality. Whether the reasons for using IE are good or bad, they are
real.
are so easily
infected with viruses and trojans, and turned into zombie farms.


AFAIK, the vast majority of viruses that get into people's machines are
not introduced via IE. E-mail and dodgy downloads seem to account for
far more than IE. Not that this is the slightest bit relevant anyway.

Anyway, I didn't come here to argue, nor do I intend to do so. I respect
your opinion, although retain my right to disagree with it as stated. To
me, it is in our interest to try and persuade MS to improve IE. If you
don't agree, then that's up to you.

Ta ra

--
Alan Silver
(anything added below this line is nothing to do with me)
May 30 '06 #7

P: n/a
To further the education of mankind, "Alan J. Flavell"
<fl*****@physics.gla.ac.uk> vouchsafed:
> [1] except for the purposes of demonstration, anyway. What /does/
> 7beta do when confronted by this URL, by the way?
> http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg


It shows a little pop-up with a cheeky message!! What was the point?


The point was RFC2616 section 7.2.1
http://www.w3.org/Protocols/rfc2616/....html#sec7.2.1

This is authoritatively an image/jpeg content: our swerver says so.

The actual content body doesn't even *claim* to be HTML: it merely
contains enough pointy brackets to confuse IE into interpreting as
such.

The active content (in this case, client-side jscript and a meta
refresh) that has been smuggled through to IE, and which IE has
uncritically executed, could have been designed more maliciously than
the relatively harmless joke which I put there.

It's no wonder that the gormless IE users, whom you seem so keen to
find excuses for in the name of "being realistic", are so easily
infected with viruses and trojans, and turned into zombie farms.


Is this IE7 only? In IE6 I get (onscreen):

<title>Take Cover</title>

<meta http-equiv=refresh
content="1; URL=http://ppewww.ph.gla.ac.uk/~flavell/tests/tests.txt">

<body onload="alert('Boo! ... All your base are belong to us.')">

IOWs, no redirect or js.

--
Neredbojias
Infinity has its limits.
May 30 '06 #8

P: n/a
On Tue, 30 May 2006, Neredbojias wrote:
Is this IE7 only?
I guess it depends on your settings in IE6.
In IE6 I get (onscreen):

<title>Take Cover</title>

<meta http-equiv=refresh
content="1; URL=http://ppewww.ph.gla.ac.uk/~flavell/tests/tests.txt">

<body onload="alert('Boo! ... All your base are belong to us.')">
Well, that's the content of the spoof JPG file alright. But on IE6 I
get a security alert telling me that scripts are mostly harmless, and
inviting me to proceed (many users wouldn't even have configured that,
I suppose), and if I consent, then it does the js, after which it does
the refresh.

Hmmm, that was in Win2k. On an independent copy of IE6 in XP SP2,
which incidentally has been configured to "trust" our web server,
there's no security alert, it goes directly to the jscript-ed alert,
after which it does the refresh.
IOWs, no redirect or js.


It sounds as if you have yours configured more safely than many
another user, then...

But it looks as if yours has decided to display it as plain text,
despite having been told that it's a JPEG image. Which is at least
safer than parsing it as HTML.

I still say that Mozilla (which announces that the image cannot be
displayed because it contains errors) and Opera (which displays an
[IMAGE] placeholder where the broken image should have been) are
behaving to the spirit of RFC2616.
May 30 '06 #9

P: n/a
Deciding to do something for the good of humanity, "Alan J. Flavell"
<fl*****@physics.gla.ac.uk> declared in
comp.infosystems.www.authoring.stylesheets:
I still say that Mozilla (which announces that the image cannot be
displayed because it contains errors) and Opera (which displays an
[IMAGE] placeholder where the broken image should have been) are
behaving to the spirit of RFC2616.


FWIW, my copy of Firefox (1.5) just displays the URI as text - if I look
at the properties of the "page", it claims that this is what the alt
text of the image says.

--
Mark Parnell
My Usenet is improved; yours could be too:
http://blinkynet.net/comp/uip5.html
May 31 '06 #10

P: n/a
To further the education of mankind, "Alan J. Flavell"
<fl*****@physics.gla.ac.uk> vouchsafed:
On Tue, 30 May 2006, Neredbojias wrote:
Is this IE7 only?
I guess it depends on your settings in IE6.
In IE6 I get (onscreen):

<title>Take Cover</title>

<meta http-equiv=refresh
content="1; URL=http://ppewww.ph.gla.ac.uk/~flavell/tests/tests.txt">

<body onload="alert('Boo! ... All your base are belong to us.')">


Well, that's the content of the spoof JPG file alright. But on IE6 I
get a security alert telling me that scripts are mostly harmless, and
inviting me to proceed (many users wouldn't even have configured that,
I suppose), and if I consent, then it does the js, after which it does
the refresh.

Hmmm, that was in Win2k. On an independent copy of IE6 in XP SP2,
which incidentally has been configured to "trust" our web server,
there's no security alert, it goes directly to the jscript-ed alert,
after which it does the refresh.
IOWs, no redirect or js.


It sounds as if you have yours configured more safely than many
another user, then...

But it looks as if yours has decided to display it as plain text,
despite having been told that it's a JPEG image. Which is at least
safer than parsing it as HTML.


Yes, and I could have easily reset a few things in the past, but darned
if I remember what.
I still say that Mozilla (which announces that the image cannot be
displayed because it contains errors) and Opera (which displays an
[IMAGE] placeholder where the broken image should have been) are
behaving to the spirit of RFC2616.


FYI, I also get the same response as Mark Parnell in ff.

(WinXP Sp2 w/ all updates.)

--
Neredbojias
Infinity has its limits.
May 31 '06 #11

P: n/a
VK

Alan J. Flavell wrote:
[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg


It is not a bug, it is a completely correct behavior for HTTP. You
asked for a document spoof.jpg. At the moment of the initial request UA
has no means to know if it's an image, HTML document or some all new
electronic format requiring a plugin to install. It doesn't know it as
file extension is meaningless in HTTP: it doesn't prove anything and it
doesn't imply anything. Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.

It is a very common mistake though to transfer Windows file extension
schemas onto Web.
See more at:
<http://groups.google.com/group/comp.infosystems.www.authoring.html/tree/browse_frm/thread/90b0fb057ff808f4/2bd5a9bc6dab7dd6?rnum=11&hl=en&_done=%2Fgroup%2Fco mp.infosystems.www.authoring.html%2Fbrowse_frm%2Ft hread%2F90b0fb057ff808f4%2F%3Fhl%3Den%26#doc_bffe6 ec35225b386>

May 31 '06 #12

P: n/a
Alan J. Flavell wrote:
[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg

VK <sc**********@yahoo.com> wrote: Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.


Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg

Any compliant web browser will treat it as a (broken) JPEG image. Anything
that treats it as HTML is broken.
--
Darin McGrew, mc****@stanfordalumni.org, http://www.rahul.net/mcgrew/
Web Design Group, da***@htmlhelp.com, http://www.HTMLHelp.com/

"If you loan $20 to someone you never see again, it was probably worth it."
May 31 '06 #13

P: n/a
VK

Darin McGrew wrote:
VK <sc**********@yahoo.com> wrote:
Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.
Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg


It is? Sorry then.
Any compliant web browser will treat it as a (broken) JPEG image. Anything
that treats it as HTML is broken.


Full ACK. I guess IE yet didn't have enough of security exploits over
spoofed images. After several major outbreaks they at least fixed the
hole for <img> element

<body>
<!-- this will not work -->
<img src="http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg">
</body>

Well, just another reason do not use IE: not even out of love to
standards, but out of primitive security considerations.

P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue. I presume (possibly wrongly) that the basic HTTP
mechanics is known to them. It took seven majot security outbreaks on
Win XP with spoofed images: then they funally fix it more-or-less
properly for <img>. Another few outbreaks - and they will fix this one
too. It is another common sense practice: never migrate on newer IE
until at least the first service pack is released with the most crutial
security fixes.

May 31 '06 #14

P: n/a
VK wrote:
Your server reported this resource to be Content-Type of text/html.
Any standard compliant UA has to try to render it as text/html.


Negative, Spock; you are wrong again. The server is reporting it as
image/jpeg. That's the whole point.

--
Jack.
May 31 '06 #15

P: n/a
On Wed, 31 May 2006, Mark Parnell wrote:
Deciding to do something for the good of humanity, "Alan J. Flavell"
<fl*****@physics.gla.ac.uk> declared in
comp.infosystems.www.authoring.stylesheets:
I still say that Mozilla (which announces that the image cannot be
displayed because it contains errors) and Opera (which displays an
[IMAGE] placeholder where the broken image should have been) are
behaving to the spirit of RFC2616.


FWIW, my copy of Firefox (1.5) just displays the URI as text


That's odd - thanks for the report. It seems to be version-dependent.

May 31 '06 #16

P: n/a
VK wrote:
Darin McGrew wrote:
VK <sc**********@yahoo.com> wrote:
Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.

Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg


It is? Sorry then.


That was a quick retreat. Had you asserted, "Your server reported this
resource to be Content-Type of text/html", without checking that that
was so?
May 31 '06 #17

P: n/a
In article <11**********************@j55g2000cwa.googlegroups .com>, VK
<sc**********@yahoo.com> writes
P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue.


I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.

--
Alan Silver
(anything added below this line is nothing to do with me)
May 31 '06 #18

P: n/a
VK
Alan Silver wrote:
VK writes
P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue.


I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.


Sorry then. As your OP did not describe the nature of filed bugs, I
tried to get it out of the thread. The OT-flood is a killer...much
worser then non-proper quoting btw.

I have a problem with the links though:
"Error: The page you have requested is unavailable or you do not have
access."

(I furfilled the Microsoft Connect registration).

May 31 '06 #19

P: n/a
In article <11**********************@i40g2000cwc.googlegroups .com>, VK
<sc**********@yahoo.com> writes
Alan Silver wrote:
VK writes
>P.S. To OP: I don't see big reason to file bugs to MSDN on this
>particular issue.
I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.


Sorry then. As your OP did not describe the nature of filed bugs, I
tried to get it out of the thread. The OT-flood is a killer...much
worser then non-proper quoting btw.


Agreed.
I have a problem with the links though:
"Error: The page you have requested is unavailable or you do not have
access."

(I furfilled the Microsoft Connect registration).


Hmm, looking at the list of available programs, I can't see the one for
IE. I wonder if they took it off in the last day or so.

Try going to http://connect.microsoft.com/ and clicking on the
"Available programs" link. This will require you to log into Passport.
Once you are taken to the programs list, copy
https://connect.microsoft.com/feedba...spx?SiteID=136 into your
browser address bar. That takes you to the IE feedback page. If you
enter 79985 or 79991 as IDs, you can see the two bug reports.

I'm not happy that they've taken IE off the programs list. That sounds
like they've stopped feedback and are going ahead with what they have.
That means we'll get another buggy IE for the next few years. Ho hum, I
was really hoping they'd get it right this time. Wrong again ;-(

Ta ra

--
Alan Silver
(anything added below this line is nothing to do with me)
May 31 '06 #20

This discussion thread is closed

Replies have been disabled for this discussion.