Sniffen Packets

With a name like Sniffen, it's got to smell good.

What IE 8 ought to do

Joel Spolsky has written several thousand words on the subject of standards compliance, Postel’s Robustness Principle, and their effect on web browsers in general and the new Internet Explorer 8 in particular. His axioms are correct, and he reaches many correct conclusions from them. He misses one alternative open to the IE 8 team, and one critical point of interpretation of Postel’s Law.

First, IE8: if you haven’t read Spolsky’s summary, you should at least know that most big web pages have two sets of CSS and two sets of JavaScript: instructions for IE, and instructions for everybody else. Some now do differentiate between the bugs of Firefox, Firefox 2, Opera, and WebKit. Special features for WebKit Touch are becoming particularly common. IE8 isn’t much like I7. It has many fewer standards-compliance bugs. Web page code sees the IE identifiers, though, and inserts bug-circumventing extras. Pages that look great in Firefox or in IE7 after they’ve worked around its bugs look terrible in IE8. They are often unusable. The Microsoft folks and ex-Microsoft Spolsky have fixed on two futures: one in which IE8 breaks lots of web pages by default, and one in which IE8 ships with a IE7 bug-compatible mode by default.

But the problem doesn’t happen until the web-page code figures out that it’s running in IE and takes action appropriate only to IE7. There’s a very simple technical solution: don’t admit to web pages that this is IE. Microsoft already lies in its user-agent strings, claiming IE to be Mozilla 4.0. They should just lie in the internal tags as well, changing the few symbol names necessary to ensure that none of the common checks for browser identity will give away that this product is marketed and sold as Internet Explorer. What doesn’t work in that scenario?

Separately, Joel (and perhaps the authors of early web browsers) misunderstand a crucial point of Postel’s Law. The proper reaction to malformed tags is not to guess—it’s to remove paired tags and display the content as plain text. Keep the data and the requests, but reject (and log) bad commands and context. There are some commands that should be handled differently, whose content it’s not safe or appropriate to just disclose. But that’s a very limited set. This is how malformed character entities are already handled. Malformed HTML should work in just the same way.