IE7 bugs reported - anyone like to support them?

Alan J. Flavell wrote:

Quote:

[1] except for the purposes of demonstration, anyway. What /does/
7beta do when confronted by this URL, by the way?
http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg

VK <schools_ring (AT) yahoo (DOT) com> wrote:

Quote:

Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.

Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg

Any compliant web browser will treat it as a (broken) JPEG image. Anything
that treats it as HTML is broken.
--
Darin McGrew, mcgrew (AT) stanfordalumni (DOT) org, http://www.rahul.net/mcgrew/
Web Design Group, darin (AT) htmlhelp (DOT) com, http://www.HTMLHelp.com/

"If you loan $20 to someone you never see again, it was probably worth it."

Darin McGrew wrote:

Quote:

VK <schools_ring (AT) yahoo (DOT) com> wrote:
Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.

Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg

It is? Sorry then.

Quote:

Any compliant web browser will treat it as a (broken) JPEG image. Anything
that treats it as HTML is broken.

Full ACK. I guess IE yet didn't have enough of security exploits over
spoofed images. After several major outbreaks they at least fixed the
hole for <img> element

<body>
<!-- this will not work -->
<img src="http://ppewww.ph.gla.ac.uk/~flavell/tests/spoof.jpg">
</body>

Well, just another reason do not use IE: not even out of love to
standards, but out of primitive security considerations.

P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue. I presume (possibly wrongly) that the basic HTTP
mechanics is known to them. It took seven majot security outbreaks on
Win XP with spoofed images: then they funally fix it more-or-less
properly for <img>. Another few outbreaks - and they will fix this one
too. It is another common sense practice: never migrate on newer IE
until at least the first service pack is released with the most crutial
security fixes.

VK wrote:

Quote:

Your server reported this resource to be Content-Type of text/html.
Any standard compliant UA has to try to render it as text/html.

Negative, Spock; you are wrong again. The server is reporting it as
image/jpeg. That's the whole point.

--
Jack.

On Wed, 31 May 2006, Mark Parnell wrote:

Quote:

Deciding to do something for the good of humanity, "Alan J. Flavell"
flavell (AT) physics (DOT) gla.ac.uk> declared in
comp.infosystems.www.authoring.stylesheets:

I still say that Mozilla (which announces that the image cannot be
displayed because it contains errors) and Opera (which displays an
[IMAGE] placeholder where the broken image should have been) are
behaving to the spirit of RFC2616.

FWIW, my copy of Firefox (1.5) just displays the URI as text

That's odd - thanks for the report. It seems to be version-dependent.

VK wrote:

Quote:

Darin McGrew wrote:
VK <schools_ring (AT) yahoo (DOT) com> wrote:
Your server reported this resource to be
Content-Type of text/html. Any standard compliant UA has to try to
render it as text/html.
Are you sure? When I request it, the server identifies it as

Content-Type: image/jpeg

It is? Sorry then.

That was a quick retreat. Had you asserted, "Your server reported this
resource to be Content-Type of text/html", without checking that that
was so?

In article <1149060379.074143.259140 (AT) j55g2000cwa (DOT) googlegroups.com>, VK
<schools_ring (AT) yahoo (DOT) com> writes

Quote:

P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue.

I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.

--
Alan Silver
(anything added below this line is nothing to do with me)

Alan Silver wrote:

Quote:

VK writes
P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue.

I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.

Sorry then. As your OP did not describe the nature of filed bugs, I
tried to get it out of the thread. The OT-flood is a killer...much
worser then non-proper quoting btw.

I have a problem with the links though:
"Error: The page you have requested is unavailable or you do not have
access."

(I furfilled the Microsoft Connect registration).

In article <1149085714.644048.136570 (AT) i40g2000cwc (DOT) googlegroups.com>, VK
<schools_ring (AT) yahoo (DOT) com> writes

Quote:

Alan Silver wrote:
VK writes
P.S. To OP: I don't see big reason to file bugs to MSDN on this
particular issue.

I didn't, I reported two CSS bugs to them. This issue was introduced by
Mr Flavell, who was demonstrating that IE is full of security holes. Not
sure why he felt he needed to prove that as we all know its security is
as good as its CSS, but I've given up on this thread. I was trying to
help us all out and got flamed for it.

Sorry then. As your OP did not describe the nature of filed bugs, I
tried to get it out of the thread. The OT-flood is a killer...much
worser then non-proper quoting btw.

Agreed.

Quote:

I have a problem with the links though:
"Error: The page you have requested is unavailable or you do not have
access."

(I furfilled the Microsoft Connect registration).

Hmm, looking at the list of available programs, I can't see the one for
IE. I wonder if they took it off in the last day or so.

Try going to http://connect.microsoft.com/ and clicking on the
"Available programs" link. This will require you to log into Passport.
Once you are taken to the programs list, copy
https://connect.microsoft.com/feedba...spx?SiteID=136 into your
browser address bar. That takes you to the IE feedback page. If you
enter 79985 or 79991 as IDs, you can see the two bug reports.

I'm not happy that they've taken IE off the programs list. That sounds
like they've stopped feedback and are going ahead with what they have.
That means we'll get another buggy IE for the next few years. Ho hum, I
was really hoping they'd get it right this time. Wrong again ;-(

Ta ra

--
Alan Silver
(anything added below this line is nothing to do with me)