Ever wonder why Microsoft Outlook Web Access (OWA) has problem displaying message composer for composing new messages and replying others' mails?
It is all because of missing DHTML Editing Controls, which are not included in Windows Vista build, specifically IE 7, so as to reduce the attack surface in Windows Vista. Blog post on removal of DHTML controls is here - http://blogs.msdn.com/ie/archive/2006/06/27/648850.aspx.
Historically, these DHTML editing controls have some known security issues documented in this Microsoft security bulletin, http://www.microsoft.com/technet/security/Bulletin/MS05-013.mspx.
Although the vulnerability has been fixed with update patches which can be found in the above Microsoft site, Microsoft WebDevTools Team found it appropriate to be removed in Windows Vista IE 7 after doing some analysis on the real-world usage of the control.
So what does it mean to us, developers?
There will be some impacts on our existing applications which use DHTML editing controls if they were to run in Windows Vista. More information on DHTML editing control is here.
Paragraphs extracted from IEBlog:
The DHTML Editing Control shipped in Windows XP and Windows 2003 Server, in a file called dhtmled.ocx. This file contained two flavors of the control:
- DHTML Editing Control (Safe for Scripting). This version of the control is marked safe to script, and can be used to provide visual editing of HTML content when browsing a web site in the Internet Explorer browser. The component GUID for this flavor of the control is: 2D360201-FFF5-11d1-8D03-00A0C959BC0A.
- DHTML Editing Control (For Applications). This version of the control is less restricted and is typically used inside a Windows application to provide visual editing of HTML content. An example would be a C++ or Visual Basic application which hosts this component to provide visual HTML editing. The component GUID for this flavor of the control is: 2D360200-FFF5-11d1-8D03-00A0C959BC0A
As there are two flavors of the controls, it is likely that your Windows and Web applications that use these controls will be pontentially impacted by this change. To determine if your applications are impacted by the change as well as the possible migration strategies, follow up on this whitepaper, a good technical documentation - http://blogs.msdn.com/ie/archive/2006/06/27/648850.aspx
For Windows applications, you can download the installer for DHTML Editing Controls here - http://www.microsoft.com/downloads/details.aspx?FamilyId=B769A4B8-48ED-41A1-8095-5A086D1937CB&displaylang=en.
Unfortunately, the installer is only packaged with one flavor of the controls, "For Application" but not with "Safe for Scripting", thus, it will only solve the problem of Windows Applications.
For Web applications, you will have to switch to other third-party controls such as FreeTextbox, recommended by Microsoft.
Coming back to the problem with OWA, you can download the patch for Microsoft Exchange server here. http://support.microsoft.com/kb/911829.
So how are you getting ready for the upcoming Windows Vista launch? Let's get started today...