Chaos Magnet

How to survive the changes to IE

So I posted over at InformIT about How to survive the changes to IE.

So what are the actual changes? Well, it turns out to not be as bad as originally thought. The patent covers the automatic loading of an application that resides on a remote server, so a page either needs to avoid automatically loading the application or loading it from a remote server. For the former, IE will pop up a window asking the user to click a button to load the Active X control. For the latter, Microsoft has guidance on embedding the data directly into the page so that it doesn't actually have to be loaded remotely. They also provide a look at using JavaScript to create the object tag in such a way that the patent isn't violated, but you don't have to jump through a hundred hoops to keep the dialogue box from coming up.

What I want to know is: how does this embedding affect security? Is it possible that slimebags are currently embedding the code in the page to avoid warnings about downloading controls?

Technorati tags:

src="http://feeds.feedburner.com/~s/ChaosMagnet?i=http://www.chaosmagnet.com/blog/archives/000303.html" type="text/javascript" charset="utf-8">