Recently whilst i was developing a new site for work, i had a bug where any page in the site would crash IE7, now not a great fan of IE (or Microsoft) i didnt think much of it and just thought i would need to reinstall the browser, so i carried on and tested in FireFox.
After a few days one of the other guys at work was having the same problem, opening any one of the pages in Internet Explorer would kill the application. I knew it wasn’t my code or scripts, as they were clean and simple, and i was using the Scriptaculous JavaScript library’s.
After a bit of digging i found out that it was down to the prototype script, and the other developer who was Chinese was running ‘Cambridge Advanced Learner’s Dictionary’ and he got the same problem at home with Apple.com. (I borrowed a copy of the dictionary from him, but that’s only because it has most swear words in spoken English and is a great way to vent anger in the office).
It was then after a bit of digging around i found that IE allows the dictionary to access the browser, so that you can look up words that are written on the page. Not only is this a stupid thing for IE to allow this app to do, but its also an open door for other applications to gain access to the DOM of the browser, and perhaps grab information you would rather it didnt.
The solution is to stop Internet Explorer from giving all desktop applications any access to the DOM, by unticking the ‘Enable third party browser extensions’ in the Tools > Internet Options > Advanced.
Recent Comments