The key is Cross-Document Messaging

May 20, 2008 09:52 GMT

With Internet Explorer 8, Microsoft is taking its proprietary IE browser into the territory of HTML 5.0. Support will not be at the same level as in Safari 3 or Firefox 3.0/3.1, but the Redmond company will offer support for HTML 5.0, limited as it may be. One illustrative example of HTML 5.0 integration into Internet Explorer 8 is cross-document messaging, an item of the AJAX feature set that can enable a higher level of security for mashups implemented with the next iteration of Internet Explorer.

"The Same Origin Policy (SOP) requires that browsers prevent script from accessing the contents of another domain to prevent cross site script attacks," explained Sunava Dutta, IE8 Program Manager, pointing to web-based applications or gadgets that can be embedded on personalized pages. "These components are usually embedded third party scripts. Unfortunately these third party scripts run with the same privileges as the parent page and can potentially access personal data, cookies and other credentials. Attempts are currently underway to secure such script based applications."

As far as Microsoft is concerned, there is a simple way to increase the security of mashups in Internet Explorer 8, and it can be done via Cross-Document Messaging. Developers interested in enabling mashups in IE8 will be able to turn to the postMessage method. Through this method, IE8 will permit gadgets to transfer text between untrusted modules located in different domains, while at the same time keeping the text-based data exchange secure.

IE8 will be able to play well with mashups in scenarios where web-based components connect with the parent page in an exchange of both data and permissions. In order to do so, a cross-document messaging feature will be developed by the Internet Explorer team in collaboration with the HTML 5.0 Working Group. "Communication using strings is enabled by a postMessage method. Hosting pages or gadgets are advised to check the origin domain of the content before inserting it in its DOM," Dutta added, pointing users to the MSDN documentation for Cross-Document Messaging in Internet Explorer 8.
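The origin check advised above can be sketched as a receiving-side handler. This is an added example, not code from the article or from Microsoft's documentation; the gadget origin, the element id `gadget-output`, the length limit and the function names are assumptions made for illustration.

```javascript
// Assumed allowlist: the single gadget host this page agrees to listen to.
const TRUSTED_ORIGINS = new Set(["https://gadgets.example.com"]);

// Builds a "message" event handler that writes accepted text into `sink`,
// any object with a textContent property (a DOM element in a browser).
function makeGadgetMessageHandler(sink, trusted = TRUSTED_ORIGINS, maxLen = 256) {
  return function onMessage(event) {
    // 1. Compare the full origin (scheme + host + port) for exact equality.
    //    Prefix, suffix or substring tests also match look-alike hosts.
    if (!trusted.has(event.origin)) return "rejected:origin";
    // 2. The channel described in the article carries strings only.
    if (typeof event.data !== "string") return "rejected:type";
    if (event.data.length > maxLen) return "rejected:length";
    // 3. Insert as text, never as markup, so the payload stays inert.
    sink.textContent = event.data;
    return "accepted";
  };
}

// Browser wiring; skipped when the file is run outside a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const el = document.getElementById("gadget-output"); // assumed element id
  if (el) window.addEventListener("message", makeGadgetMessageHandler(el));
}

// Constructed sample events (not captured traffic) run through the handler.
function demo() {
  const sink = { textContent: "" };
  const handle = makeGadgetMessageHandler(sink);
  const events = [
    { origin: "https://gadgets.example.com", data: "3 new items" },
    { origin: "https://gadgets.example.com.other.example", data: "x" },
    { origin: "http://gadgets.example.com", data: "x" }, // scheme differs
    { origin: "https://gadgets.example.com", data: { html: "<b>x</b>" } },
    { origin: "https://gadgets.example.com", data: "y".repeat(300) },
  ];
  const results = events.map((e) => handle(e));
  return { results, shown: sink.textContent };
}
```

On the sending side, the matching precaution is to pass the parent's exact origin as the second argument to `postMessage` rather than `"*"`.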

Internet Explorer 8 (IE8) Beta 1 is available for download here.