A Mozilla Plugin to Help Overcome IE Rendering Flaw

least_weasel writes "An article on Ars Technica reveals Mozilla's intention to create and release a plugin for Internet Explorer that would allow the often-criticized IE to utilize some of the cooler rendering code developed for Firefox. The current WIP focuses on rendering using HTML5 standards, but the plans seem to be more ambitious than just fixing this one small piece of IE. The article covers some of the plans, hurdles, and potential benefits. It also spills the beans on the code name for the project: Screaming Monkey."

Er...

What's the advantage over just installing Firefox? Do people who don't have permission to install software have permission to install plugins like this?

Re:Er...

it makes MS and closed source look bad if Mozilla/open source fix their deficiencies.

Re:Er...

People who would care about these things already use Firefox/Opera/whatever. Everyone else does not care. It is like mocking the jocks because while all they do is run around and bang chicks, you gain valuable programming experience working on code no one will give a rats ass about.

Re:Er...

Not sure how it works on IE but you can install firefox plugins on the fly. If that is true on IE, imagine sites that rather than saying "runs best on IE7" instead say "This is gonna look crap if you don't click here [slashdot.org]

Re:Er...

And then that jock gets a job in the city rec department, and his bangin' cheerleader girlfriend is a professional beautician, between them making as much as you do by yourself with your programming experience.

Stupid, non-applicable analogy aside, nobody else cares about whether they use IE or Firefox, but they sure as hell notice when things don't work right. This plugin will let people develop sites to standards that still work with IE, so companies should be ok with allowing their webdevs to work forward properly, and it'll have the side effect of proper sites making people sit up and take notice of their broken browser.

Re:Er...

I would definitely like to think that way too, but I guess Mozilla/Firefox deserves a bit more credit here. I sincerely believe that they are doing this for two things primarily:

1) To improve user's experience - even if they are using IE
2) More importantly, to do their part in better standardization.

From TFA:"The Canvas element allows web developers to programmatically render interactive bitmap images in HTML content. It was invented by Apple to bring richer graphical capabilities to the company's WebKit renderer. The Canvas functionality eventually became part of the HTML5 standard and has been implemented in both Gecko and Presto. Canvas is used extensively in several popular web applications, including Google Maps, but it hasn't gained widespread acceptance because it isn't available in Internet Explorer. "

Re:Er...

it makes MS and closed source look bad if Mozilla/open source fix their deficiencies.

Duuuude, that's the beauty of MS and closed source - they don't *need* Mozilla/open source to make them look bad!

Re:Er...

The fact still remains that people use IE, because that's "the Internet" on their computer. It's been suggested that Adobe might include these plugins (there's also one in the works for the canvas element) with their Flash installer. That would greatly increase the number of people with IE that would support some of the features that are already available in FF/Opera/Safari.

I think that people who don't have permission to install the plugins just won't be able to do so, but they wouldn't be able to install FF anyway.

Re:Er...

I think the idea might be to get a first mover advantage on IE. If the IE installed base gets this plugin and gets used to the behavior, Microsoft will find it harder to do their usual trick of implementation-but-not-quite. People who have this plugin will be upset if Microsoft releases a new version of IE that breaks the Canvas behavior that they've become used to. A wide deployment of the plugin (perhaps through Adobe as the article speculates) might create just enough perceived path-dependence that Microsoft won't go out of its way to break the Canvas standard with a proprietary implementation.

Re:Er...

It allows web developers to take advantage of this feature

Canvas is a strange pick though for something to extend IE with. There's excanvas, which does a reasonable job of emulating canvas on IE using VML. It's not a perfect emulation, ofcourse, but in my experience it's good enough once you learn its limitations. For stuff like dynamic charting canvas is the right choice even today.

Re:Er...

It allows web developers to take advantage of this feature, but still have their sites be accessible by people using IE (out of ignorance or otherwise). Right now no web-developer can really target features not available on IE unless they want to alienate a large percentage of their user base.

As a professional web developer I can say that is complete rubbish. We can not rely on most IE users to have this plugin so we can not take advantage of any new features. The fact is that while IE is as prevalent as it currently still is we have to develop primarily for that platform. In the corporate world a great many people still use IE6 so we have to test under that very thoroughly too.

I'm a bit skeptical

Great idea... but if someone would have the wits and knowledge to look for this plugin, wouldn't they be using FF already? If websites prevented stuff from working without this plugin, wouldn't that just turn off viewers? Not sure how this is going to help, people have been harping at Microsoft about standards for years and all they've done is move towards them at the pace of a snail.

HTML5 is a standard now?

Well i'll be darned, I guess someone should call the XHTML2 camp and tell them they lost the war!

Re:HTML5 is a standard now?

I would be rather cautious about simply trying to implement and support HTML5, which is no standardized yet. I attended BlackHat ~ 2 weeks ago and Stamos's talk "Living in the RIA World" had some interesting things to say about HTML5 in its current state. If you wait ~ 6 months, BlackHat will allow viewing. My notes concerning HTML 5 follow.

HTML 5: have DOM storage (session and local) and database storage. These should all be SameOrigin. Meant to block userâ(TM)s deleting of tracking cookies. Use of database storage, there can be SQL injection against the local database. Some browsers support GlobalStorage that donâ(TM)t have SameOrigin control. Lots of new attack surface in FF3. Websites can be protocol handlers (support spyware!!). Installation of protocol handler is one click. WebKit is a big supporter of HTML5 and supports these issues.

HTML5 has limited storage (~ 15 Mbytes total) allowing easy exhaustion attacks and there is no UI to manage this. DOS is easy. Can easily plant arbitrary evidence on a system. HTML 5: Security âoeneed to write this sectionâ.

We now have web developers making desktop apps without any security or privacy expertise. The Web is becoming more heterogeneous and far far more dangerous.

Re:HTML5 is a standard now?

We now have web developers making desktop apps without any security or privacy expertise. The Web is becoming more heterogeneous and far far more dangerous.

What bothers me is how security is somehow pushed to the forefront as the most important issue, even more important than functionality.

The most secure system is one that is turned off. This new stuff they're adding increases the attack surface, sure, but it's also necessary to build stuff that actually works (like a web app that doesn't die when your wifi does).

But even aside from the issue of functionality vs. security, there's the issue of security somehow being way more important in the browser, which I think is nonsense. Client-server apps have always had lousy security, and were easily hijacked. Just because they now run in a browser, the threat level hasn't changed. A hacker that is determined can break in sure, but they've always been able to break in. Nothing has truly changed, except for the perception of the threat level.

All in all I think the web stack is pretty secure by default, when comparing it to the alternatives.

Re:HTML5 is a standard now?

Well i'll be darned, I guess someone should call the XHTML2 camp and tell them they lost the war!

Nah, don't bother them. They're busy working on the HD-DVD website.

Sad or happy day in Redmond?

Is it a sad or happy day for Microsoft, when their competitors get bored with beating them, and instead try to improve the Microsoft products to make them competitive - for free?

Re:Sad or happy day in Redmond?

The new plan for Mozilla:

• Embrace I.E.
• Extend I.E. with this plugin
• Extinguish I.E. with a "Get Firefox" button on every page.

What could possibly go wrong?

Re:Sad or happy day in Redmond?

Remember that many shops don't admin access to their computers and are stuck with IE because IT says so. Yes such places exist. They are not just a story your mother told you to scare you.

Screaming Monkey....

So I take it Balmer is involved in some way?

Spill the beans?

I've been reading about this for months. Its not exactly top secret.

https://wiki.mozilla.org/Tamarin:ScreamingMonkey [mozilla.org]

Interesting, but difficult

FYI, Screaming Monkey was already discussed in an earlier story [slashdot.org].

Unfortunately, scripted manipulation of VML is too slow to be used for highly interactive web applications. Mozilla's solution is to bake its own native Canvas implementation into an ActiveX plugin that can be integrated directly into Internet Explorer.

The only problem is getting people to install the plugin. My own solution was to use the market penetration of Java Applets to develop a shunt [dnsalias.com] that would render Canvas using Java APIs. (Note that the events system has not been completed in that demo. Make sure you click outside the block falling area so that the browser receives the keyboard commands.)

The same sort of shunt could be done with Flash 9 or Silverlight. Which would do a nice end-run around the problem of getting plugins installed.

Look to the beam in your own eye

Hey, that's great. Do they also have plans to fix the flaws in Firefox?

Off the top of my head, could we finally have support for SVG as a native image format? Or even just SVG rendering that isn't slower than a stone cow?

Don't want to sound like the grumpy old man, I just want most of my web shit to work in *one* browser before I worry about how it works in every browser.

Exactly backwards

This is exactly backwards to what most of us need. We need a [multiplatform] plugin for Firefox that will allow broken IE-only sites to work under Firefox so we can continue to use the browser of our choice. Not that I want to promote the use of IE-only coding, but the reality is that if the site doesn't work, the average users always blame Firefox, not the site designer.

Re:Will not succeed on the field

Any person "clever" enough to click Yes on an activeX installation prompt, you mean?