Does IE8 Really Pass Acid2? [Updated] 174
thevirtualcat found some inconsistencies in IE8's Acid2 results that made him wonder what's going on. Can anyone replicate these results or, better yet, explain them?
Update: 03/22 23:54 GMT by KD : Several readers pointed out this has to do with cross-site scripting prevention, as described here.
Update: 03/22 23:54 GMT by KD : Several readers pointed out this has to do with cross-site scripting prevention, as described here.
Known Cross-domain security issue (Score:5, Interesting)
Here's the explanation:
http://blogs.msdn.com/ie/archive/2008/03/05/why-isn-t-ie8-passing-acid2.aspx [msdn.com]
Google is your friend next time...
Re:The answer... (Score:5, Interesting)
To a point, they are right, but they did this to show they are better and only seem insecure because if they don't do such things as they have done the Internet will not work. Oh yes, btw, those other browsers are not secure either... see how their stuff still works?
I smell bullshit at the IE blog (Score:3, Interesting)
The Acid tests are test cases used to assess a browser's web standards support.
Yet, in the explanation of the incorrect rendering at the IE blog, AciveX is invoked, with some excuse about cross-domain security.
ActiveX has absolutely nothing to do with Web Standards.
This leads me to believe that MS plans to keep playing the Internet game by their rules for a while yet.
Cross-domain == cross-site (Score:5, Interesting)
Re:On another note... Acid3 (Score:4, Interesting)
Putting all that aside, it would still hardly constitute some unfair conspiracy. For one thing every other renderer in released browsers fails quite miserably at it too. Secondly, it's not some arbitrary test, Acid3 measures accuracy of conformance to DOM and ECMAscript standards. Acid3 didn't just make up the standards on the spot, they have existed for years and IE could have (and should have) been attempting to conform the whole time (as should every other renderer).
In other words: No, I don't find it intriguing. It's a mild coincidence, nothing more.
No, it does not. Security problem is their problem (Score:5, Interesting)
No, it does not pass.
There is no cross-domain insecurity in <object> as defined by the HTML specification. There is a problem in IE8's broken implementation.
If object can't be displayed, browser should ignore it. Ignored <object> isn't any more dangerous than <div>. In such case there's only one document, with one DOM, all within same domain.
But apparently IE8 can't ignore undisplayable <object> properly, so they've hacked around the problem by spawning new IE8 instance that pretends to be a plug-in that handles the invalid <object> (an <iframe> effectively). And when you do stupid things like that, of course you've got a security problem!
No Acid2-passing browser has any problems with displaying same-origin fallback to cross-domain object.
Re:Yes, that's true. (Score:4, Interesting)
Beside this list is all the major browsers and how they implement each feature (fully, partially, broken, not implemented, etc...).
Voila! Partial compliance.
It's a massive improvement... (Score:5, Interesting)
All of this can only mean web developers sleep more soundly at night, and more real work gets done. The IE developers can give themselves a big pat on the back for achieving something useful that will make everyone's lives better, like they used to do with IE3 and 4 and initial CSS1 support. Shame the management decided to slack off on IE development so long. Microsoft: intelligent geeks, ruined by management.
Now, on to Acid 3. IE8 is still clearly trailing everyone else by some distance and is probably going to play catchup for a while yet until they implement native SVG (think about the possibilities for Explorer and Office, that Apple, KDE and friends are just beginning to explore).
As an aside, think how good MS Office might be if they had this level of competition due to having to implement a proper Open Document standard not specified by them. Everyone would get more work done, would be fitter, happier, healthier and better, and Microsoft would probably still have the lion's share of the market. OOXML needs to die now, for everyone's sake, including Microsoft's.
Other object types (Score:4, Interesting)
Re:The answer... (Score:2, Interesting)
Re:The answer... (Score:1, Interesting)
Re:The answer... (Score:5, Interesting)
Re:Simple stuff like CSS (Score:4, Interesting)
Validity is a property of documents; a doctype declaration alone cannot be valid or invalid. But that code is incorrect, you've forgotten the public identifier. That code also puts other browsers into quirks mode [dbaron.org].
There's more than one ISO HTML 2000 doctype declaration available. As for correctness, that depends on whether or not you screw the syntax up. But next to nobody uses that doctype anyway. Can you name a single HTML tutorial that mentions it? The OP wondered if he was reading the wrong tutorials, in my experience, it's common for tutorials to miss out doctypes altogether and unheard of for them to mention ISO-HTML at all. So we can reasonably eliminate that from consideration as well.
It is not invalid, but you shouldn't do so when serving it as text/html as it goes against the compatibility guidelines in the XHTML 1.0 specification, which RFC 2854 requires you to follow. Further, Internet Explorer hasn't chosen quirks mode for documents with XML prologues since version 6, so that's not the issue here either.
There's nothing wrong with that, although again, it's not something tutorials teach. You can divide HTML tutorials into two different groups: one doesn't mention doctypes and the other says that the doctype must come first (or straight after the XML prologue).
But "some IE versions" isn't relevant here, we are talking about version 8 in particular. Are you actually looking for an explanation for the problem, or are you just trying to find a way of blaming Microsoft? Doctype switching has been around for many years, all major browsers do it, and it's silly to blame Microsoft for auto margin centring not working when Internet Explorer has supported it for seven years.
Re:Microsoft Has Lost The Race (Score:3, Interesting)
It is still impossible to have 100% (not 99%) perfect web experience for end user if he/she is not using Windows XP/Vista without IE. You will get stuck somewhere for sure. That is a win too.
So, they can even pass Über Quantum Acid 1000 test, it won't matter to them. So, they clicked some switch to stop conspiring w3c standard sites and voila, it passes.
You didn't actually believe MS of a small country size is really incompetent to code w3c standard browser yes? IE 5 for Macs (of its release date) supports more standards than any browser on market at that time.
Re:Who cares? (Score:2, Interesting)
It renders fast and has a lot of fun features to play with. I'm already addicted to the mouse gestures up to the point the normal clicking i do with windows feels boring. I wonder if there is any OS that offers mouse gestures??