15 secrets of next-gen browsers

What you need to know about the new versions of the major browsers

Web browsers

Network World Lab Alliance member Thomas Powell makes it part of his Web consulting practice to analyze every new browser to hit the Internet. Powell's deep dive goes past the eye candy user interface upgrades and gets into the technological underpinnings that will have consequences for Web site and network designers.

MIME-sniffing process

With the MIME-sniffing process practiced in previous versions of Internet Explorer, the browser looks inside of responses and addresses what it sees in the body rather than what is labeled in the Content-Type header. This process opens a door for XSS attacks.

Internet Explorer 8

With IE8, Web site managers and application developers can turn off MIME sniffing by sending the X-Content-Type- Option: nosniff in responses, which should be set by Web administrators globally in Web server responses.

JavaScript

Older browsers support an extension making it illegal for JavaScript to read cookies flagged with an "HTTPOnly" tag, a measure that can help prevent session hijacking. Newer releases widely support the idea, and, clean up small details, making it high time for this to be widely deployed.

Google's Chrome

Google's Chrome implements the bzip2 protocol for transparent HTTP compression, which has significant potential savings for large text payloads over the commonly employed gzip algorithm. It also introduces the Shared Dictionary Compression over HTTP (SDCH), which is, coincidentally, also found in the Google toolbar.

Internet Explorer 8

Internet Explorer has never properly supported HTML and CSS standards but developers worked around these incompatibilities. With the more standards-compliant IE8, many of these hacks won't be needed, but should an IE8 browser hit an older page, the layout may not render correctly unless the user is employing Microsoft's special compatibility mode.

CSS3

While Microsoft was busy addressing older CSS1 and CSS2 specifications, the other browser vendors were quickly implementing various CSS3 features including rounded corners, border images, multiple columns, drop shadows and downloadable fonts.

Meet the tester

Meet the tester: Thomas A. Powell, who is a member of the Network World Test Alliance, is president of Web consultancy, PINT in San Diego, and is an author of numerous Web development books. He can be reached at tpowell@pint.com .