IE7 Using CURI to Handle URI Objects
When some people think of the issues plaguing much of Microsoft's software, they often think that it is the result of lazy coding. Sometimes that is the reason there are issues, other times it could be the deadlines the team had to meet, or it could be that no one actually thought that the potential bug could be a real issue. One of the issues that web developers have had to work around since IE 5 came out was the 2KB limit on URL strings. Another issue was that hackers had the ability to send a malformed URL string to IE to fool it into thinking that their site was a trusted site. Then they could wreak havoc on your computer by sending IE awful Active X commands to trash your system.
IE 7 so far doesn't look like it has a bunch of sexy features, but under the hood Microsoft is really working hard on this release. From the partial standards compliance to running IE under a reduced permissions sandbox if you will, they are really working hard to try to get people to trust the internet again. If that wasn't enough, Microsoft is building tools into IE to detect if a site is on a list of “bad” sites that Microsoft will keep. But one of the coolest enhancements to me is the CURI object. Basically it is a struct that allows a programmer to handle it as such. Since it is not a string, it is possible to validate the CGI variables apart from the rest of the URI. If someone were to try to slip a malformed URI down the pipe, the validation of that CGI string would fail as would the attack. In IE 5 and later, the CGI string was handled as a string and passed around the code. String variables give the developer limited abilities to validate parts over other parts. There are many sub-string functions and libraries out there, many are built into the development languages, but they cost the developer in performance. Was Microsoft lazy, who can say, but it seems as though they are working hard to make IE 7 everything that 6 should have been.