Google Chrome Frame plug-in for IE

For general web development questions that are not specifically related to CSS HTML Validator. This includes (but is not limited to) general HTML, CSS, Accessibility, JavaScript, and SEO questions.
Post Reply
User avatar
MikeGale
Rank VI - Professional
Posts: 726
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Google Chrome Frame plug-in for IE

Post by MikeGale »

I don't have useful insights into the environments that still use IE6, but I can imagine some friction.

I am personally opposed to web sites that say things like "you have a really horrible browser, download this one...". (Also I still sometimes see sites that say optimised for Netscape 4.x or whatever, another way to get a great laugh!!) I consider a message from your page to download Chromeframe in that same light. Imagine if somebody on a slow connection goes for it and then loses a lot of time while it all happens (and maybe fails). Having them hate you might be the least of your problems. If they come after you with a baseball bat can you be entirely surprised?

If I were ever to use this I'd probably detect browser at the server and deliver different content. (Which is a whole other can of worms.)

A good thing is that it is fully opt in. If you do nothing you are not involved.

If I found that a site was getting an important number of IE6 visitors with the chromeframe already there it might be worth considering.
User avatar
MikeGale
Rank VI - Professional
Posts: 726
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale »

I see that Microsoft has commented on googleframe. I'm surprised.

See http://j.mp/2Rguz8 for some details.

It refers to a security analysis run across the major browsers. Interesting stuff. See http://j.mp/2fhEFg for the phishing attack report.

I think it worthwhile for developers to have a look at this.
User avatar
Albert Wiersch
Site Admin
Posts: 3785
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Re: HTML 5 / HTML5

Post by Albert Wiersch »

MikeGale wrote:I see that Microsoft has commented on googleframe. I'm surprised.
Interesting. That makes sense to me. Running Chrome inside of IE (especially older versions like IE 6) seems "ripe for a security issue".
Albert Wiersch, CSS HTML Validator Developer • Download CSS HTML Validator FREE Trial
User avatar
MikeGale
Rank VI - Professional
Posts: 726
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale »

I have now seen some analysis of this
http://j.mp/4Ccl1M

Pointing out some issues for developers, suggesting that this was triggered by Google frustration at the slow progress of Chrome.

Google has also announced Wave, which looks a lot like why they announced Frame.

I haven't managed to get any numeric estimates of how Frame will do from the developer community for the product.
Last edited by MikeGale on Tue Oct 06, 2009 3:30 pm, edited 1 time in total.
User avatar
MikeGale
Rank VI - Professional
Posts: 726
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: HTML 5 / HTML5

Post by MikeGale »

On Googleframe.

As this seems to be developer only at present, and is not yet fully baked, you should be aware of what you are getting into.

It will also make your version of IE non standard, remember that when testing. (I haven't been able to get any numbers, let alone numbers I would take seriously, about when it may have enough users. So the jury is out.) The good thing is that you have to deliver special pages to even trigger it.

Google seems to be saying some odd things here. The add in is for IE 6, as far as I can see, but they talk about IE in general. That's misleading. (Is it deliberate?)

It could be an attack route into your browser. (That alone might scupper the add-in in the corporate world where IE6 hangs on. It seems that some companies have cut their web teams to near nothing, so they force IE6 to support older, legacy, internal applications. Without money to even maintain existing content, I can't imagine them wanting any headaches from browser changes (they've already worked hard to freeze browser deployment).)

I'm holding off until I think it worth investigating further.
User avatar
Albert Wiersch
Site Admin
Posts: 3785
Joined: Sat Dec 11, 2004 9:23 am
Location: Near Dallas, TX
Contact:

Microsoft should be Embarassed

Post by Albert Wiersch »

Microsoft should be ashamed of itself after "secretly" including a Windows Presentation Foundation Firefox plug-in with the NET Framework 3.5 SP1 update that has some serious problems.

I'm glad Firefox is fighting back. I was notified that it was being disabled.
WPF.png
WPF.png (24.24 KiB) Viewed 9602 times
More info:
http://blogs.zdnet.com/security/?p=4614 ... nk;content
Well, the code in that add-on has a serious code execution vulnerability that exposes Firefox users to the “browse and you’re owned” attacks that are typically used in drive-by malware downloads.
Albert Wiersch, CSS HTML Validator Developer • Download CSS HTML Validator FREE Trial
User avatar
MikeGale
Rank VI - Professional
Posts: 726
Joined: Mon Dec 13, 2004 1:50 pm
Location: Tannhauser Gate

Re: Microsoft should be Embarassed

Post by MikeGale »

I think there's more to this than meets the eye.

WPF is a bit like Flash and maybe a bit like Java. There have been security holes in those that you can drive a truck through. Don't get reported much and some of them last for a very long time seemingly without being attended to.

I'd love to see good penetration of WPF onto browsers. It gives a way to escape the trap of zero or very little development in HTML for so long.

It'll be interesting to find out some details.
Post Reply