Private Browsing Mode

Note: This blog post was written before the new Chromium-based Microsoft Edge was announced. As a consequence, it mostly discusses the behavior of the Legacy Microsoft Edge browser. The new Chromium-based Edge behaves largely the same way as Google Chrome. InPrivate Mode was introduced in Internet Explorer 8 with the goal of helping users improveContinue reading “Private Browsing Mode”

Cookie Controls, Revisited

Update: The October 2018 Cumulative Security Update (KB4462919) brings the RS5 Cookie Control changes described below to Windows 10 RS2, RS3, and RS4. Note: Most of the content about “Edge” in this post describes Edge Legacy– modern Edge is based on Chromium and behaves mostly like Chrome. Cookies are one of the most crucial features inContinue reading “Cookie Controls, Revisited”

Cookies and Concurrency, Redux

In yesterday’s episode, I shared the root cause of a bug that can cause document.cookie to incorrectly return an empty string if the cookie is over 1kb and the cookie grows in the middle of a DOM document.cookie getter operation. Unfortunately, that simple bug wasn’t the root cause of the compatibility problem that I wasContinue reading “Cookies and Concurrency, Redux”

ERROR_INSUFFICIENT_BUFFER and Concurrency

Many classic Windows APIs accept a pointer to a byte buffer and a pointer to an integer indicating the size of the buffer. If the buffer is large enough to hold the data returned from the API, the buffer is filled and the API returns S_OK. If the buffer supplied is not large enough toContinue reading “ERROR_INSUFFICIENT_BUFFER and Concurrency”

Duct Tape and Baling Wire–Cookie Prefixes

Update: Cookie Prefixes are supported by Chrome 49, Opera 36, and Firefox 50. Test page; no status from the Edge team.  A new cookie feature called SameSite Cookies has been shipped by Chrome, Firefox and Edge; it addresses slightly different threats. When I worked on Internet Explorer, we were severely constrained on development resources. WhileContinue reading “Duct Tape and Baling Wire–Cookie Prefixes”