RSSMicrosoft calls omission of IE8 CSS rendering in Office 2010 a 'powerful' feature
By Scott M. Fulton, III | Published June 24, 2009, 12:31 PM
4:00 pm EDT June 24, 2009 · In a marketing driven response that looks a lot more like the old Microsoft than the new Microsoft in terms of explaining away its design decisions, a Microsoft corporate vice president characterized Outlook 2010's reliance upon Word instead of Internet Explorer 8 for rendering HTML text symbolic of what he called "The Power of Word."
Corporate Vice President William Kennedy confirmed that the component of the company's new Office 2010 software -- whose technical preview
is currently next month will be limited to select testers -- will rely upon Word rather than IE for reasons that include system security. "For e-mail viewing, Word also provides security benefits that are not available in a browser: Word cannot run web script or other active content that may threaten the security and safety of our customers," he wrote.
Kennedy defended his company's design decision for the fact that it enables customers to use Word as their HTML editor of choice, for one reason because Word supports features such as SmartArt and Word styles that are found only in Word. He then cited a June 2007 white paper published after Office 2007 first received complaints for this design choice, which its authors characterized as a "rich design experience" that users should come to "embrace."
The CVP also blatantly dismissed not only claims made by an e-mail marketing newsletter publisher about Outlook 2010 continuing to omit full support for CSS style codes, but appeared to attempt to cast doubt as to the legitimacy of the publisher's profession. He cited publisher Dave Greiner's Web site twice and his job once (maker of "email marketing campaign" software) using quotation marks, suggesting false pretenses and adding, "The 'Email Standards Project' does not represent a sanctioned standard or an industry consensus in this area."
Granted, the Email Standards Project is not an industry consortium; however, it is a recognized effort on the part of a producer of marketing software to compel manufacturers including Microsoft, Mozilla, Google, and AOL to adhere to principles that at least some industry players have embraced as standards.
7:15 pm EDT June 24, 2009 · A Microsoft spokesperson suggested to Betanews this evening that Dave Greiner may have been using an unauthorized version of the Office 2010 Technical Preview to obtain his CSS rendering test results posted on FixOutlook.org, adding that no one has officially received the preview code outside of Microsoft. The statement implies that the performance of Word's rendering engine could be improved once the official Technical Preview is released.
12:31 pm EDT June 24, 2009 · An e-mail marketing newsletter publisher has had enough with being unable to design correspondence the same way he designs his Web pages. Today the co-founder of Campaign Monitor, Dave Greiner, launched a Twitter-based campaign of his own to compel Microsoft to discontinue using Word's rendering engine instead of Internet Explorer, for reproducing CSS-formatted e-mails in the upcoming Outlook 2010.
In a blog post this morning, Greiner said "a senior member of the Outlook team" confirmed to him that the next version of Outlook will continue to use Word's more limited renderer. He cites an e-mail he says was sent to him by Outlook Senior Product Manager Dev Balasubramanian, explaining that his team's decision was based on a need to protect Word's status as an authoring tool for Outlook e-mails: "I am aware of where this decision on our part places Outlook from a standards perspective," Balasubramanian writes. "At the same time, we ask that you consider the benefits Outlook users get from having Word tools in their e-mail authoring experience."
Now Greiner and his colleagues have launched FixOutlook.org, essentially a page containing the icons of Twitter users who have joined the campaign by attaching the Web page's URL to their tweets. A check of Twitter this morning shows thousands are joining the cause for one reason or another, including traffic generators that do not, on the surface, appear to be human.
Three years ago, Microsoft made a design decision for Office 2007 that would disappoint many online newsletter publishers: After having leveraged Internet Explorer's rendering engine for HTML-based e-mails in later builds of Office 2000 and 2003, it reverted to using the more limited rendering engine from Word 2007, for rendering formatted e-mails in Outlook 2007.
The reason was never publicly revealed at the time (at least, not until Balasubramanian's e-mail to Greiner). In a 2007 MSDN post, company engineers explained the design decision as a feature: "Microsoft Office Outlook 2007 uses the HTML parsing and rendering engine from Microsoft Office Word 2007 to display HTML message bodies. The same HTML and cascading style sheets (CSS) support available in Word 2007 is available in Outlook 2007."
But privately, testers knew that Outlook's reliance upon Word instead of Internet Explorer eliminated all chances of cross-application exploitation through IE. As this 2002 Microsoft security bulletin attests, too many attempts were being made to generate powerful scripted e-mails that took advantage of flaws in rendering features that were patched or thwarted in Internet Explorer, but exposed outside of IE.
Nevertheless, Microsoft's choice left Outlook users with far more limited methods of layout and expression, forcing many publishers to cut back on their design features even though other e-mail clients such as Mozilla's Thunderbird remained unconstrained.
Today, Outlook users don't actually have to launch Word to produce formatted e-mails. But thanks to the long-standing Component Object Model relationship between Office components, the tool used for writing formatted e-mails is actually delivered to Outlook through Word. (That's one ironic reason why the composition window contains the new ribbon front-end, while Outlook 2007's home window missed the deadline for converting to the ribbon.)
For folks who don't compose formatted e-mails with Outlook's borrowed tools, Microsoft publishes a CSS validator that can check a document for unsupported elements. That validator was designed to be used in conjunction with Microsoft's own tools such as Visual Studio, as well as Dreamweaver. That unsupported elements list is colossal, disallowing such features as inline framing, built-in menus, JavaScript events, and the all-important <script> element.
Greiner's new Web page borrows a New Zealand-based newsletter (which appears to be out of publication since last October) to demonstrate how a non-validated Web page appears when rendered by Outlook. Betanews checked out that newsletter: Abiding by many of the suggestions made by professional Web designers, the CSS for "Soul Purpose" was all embedded in the document -- there were no links to external stylesheets, eliminating one opportunity for cross-site scripting vulnerabilities. E-mail clients that do support full CSS often prefer the code to be embedded in the page rather than linked, so "Soul Purpose" was following the rules.
This shows how Outlook 2007 currently renders the same page, and how Greiner says he's been told that Outlook 2010 will render it as well. Microsoft has yet to publicly confirm this speculation, although Office testers had actually been anticipating the company to either make significant improvements in its Word HTML renderer -- thus at least cutting down on the number of unsupported elements -- or building an option to enable Outlook to safely use IE8 as an alternative renderer.
If neither prospect comes to fruition, it's likely that Dave Greiner and his colleagues will remain angry. Though by that time, the Twitter patter may have either subsided or switched to another cause-of-the-week, after which it may come time for the master of electronic marketing campaigns to come up with an appropriate sequel. On the other hand, if Microsoft does make the change, perhaps someone could register "PatchOutlook.org."
IMO I just want my email to be simple and to the point. You have something to tell me, type it out. I dont want or need web pages mailed to me
Score: 1
|BTW: Totally off topic:
Pricing for Win7 released!
http://arstechnica.com/m...-cheaper-than-vista.ars
Pre-Order:
Home Premium: $49.
Professional: $99
Available from the 26th through the 11th (While "supplies" last...whatever that means...)
Looks like I'm spending $150 this weekend. ;)
Score: 0
|Somehow, "Word" and "HTML" in the same sentence makes me shiver. Word is hardly good at simple hypertext, let alone web browsing. I wonder who at Microsoft thought it would be a brilliant idea to turn Office into an HTML renderer. And we fools thought Acrobat Reader was bloated!
Score: 1
|Then "click to view in a web browser" as the Office2010 yellow bar indicates. :)\
Cite from fixoutlook.org picture linked: http://farm4.static.flic...814200_a2aa59bc89_o.jpg
Score: 0
|"Word also provides security benefits that are not available in a browser: Word cannot run web script or other active content that may threaten the security and safety of our customers," he wrote."
Sure. On the other hand doesn't Word run VBScript and didn't Melissa worm in fact leverage this in past? Or did Microsoft change all that...
Score: 0
|Surprise, surprise. Microsoft has no interest in supporting real industry standards. They have the worst standards compliance of any browser. They have the slowest performance of any browser. Why should the super expensive, bloated, proprietary, Word, be any different?
Score: 1
|Somewhat amusing that MS has lost confidence in its own browser.
Score: 1
|yeah, even Microsoft admits IE is totally insecure. All this in a bid to steer the sheep to Silverturd in the long run.
Score: 1
|Yay for reading comprehension...
"were patched or thwarted in Internet Explorer, but exposed outside of IE."
RTFA once in a while, genius.
Score: 0
|Kinda proves my point, PC_Tool. Thanks!
Score: 0
|On what planet does;
"patched in IE"
equate to
"even MS lost confidence in their browser"?
Seriously... I wonder about you people sometimes... ;)
Score: 0
|"Microsoft publishes a CSS validator"
I find that the most ridiculous thing that Microsoft are saying here. Using the term validator is a cheek.
Make Word's rendering better is the simple answer to all this. Which I'm sure bits of code from IE could be used to fix (not actually using the IE files, but making fresh copies of bits of them).
But why you're using Outlook if you give a s*** about these things I don't know. I suppose only those who are doing marketing need give a s***.
Score: 0
|"Which I'm sure bits of code from IE could be used to fix (not actually using the IE files, but making fresh copies of bits of them)."
Duplication of code=bloat. Can't win.
"But why you're using Outlook if you give a s*** about these things I don't know. I suppose only those who are doing marketing need give a s***."
People using it for marketing are idiots. There's a reason apps like Publisher and Acrobat exist. :)
Something about using the right tools for the job comes to mind but I can't put my finger on it... I guess they'd rather b**** about it than actually get any work done.
Score: 1
|By the marketing types I mean they need give a s*** because it now/still won't display their emails properly.
Score: 0
|Right tools for the job again. PDF's display just fine regardless. ;) (And can even contain links)
Score: 0
|Microsoft can't even tie their shoes without mucking up the works. They make decisions and regardless of it being stupid or not they just say, 'this is how we're going to do it and that's it.'
The fact they REVERTED shows they're too freaking lazy to fix the problems or develop Outlook, they would rather restrict the program as opposed to making it secure.
Every other email client I've used has full HTML/CSS support. So your telling me the techno-compnay of the world, that has it's Operating System on 90% of the world can't make an email client that can handle HTML/CSS...
Just another reason why having a closed source software company like Microsoft making decision [for the world] is just stupid.
Thanks for reading!
Score: 0
|*laughing*
Windows Live Mail supports HTML/CSS just fine.
Outlook has to be more secure than "Every other E-Mail client". This decision pretty much guarantees that.
'Nuff said.
Score: -1
|By "full HTML/CSS" you mean mostly full, right? Most email clients don't support javascript for security reasons. Same too, for forms and iframes. I think you can turn these on in the Mozilla email browsers but I haven't looked lately and they only account for a very small portion of the internet anyway.
http://www.campaignmonitor.com/stats/email-clients/
Many of the web-based ones strip CSS if its linked or in the header, too.
Score: 1
|try Eudora.. it's awesome back in 1992..
today is there anyone else besides m$?? When will the EU sue them for having the best software again??
Score: 0
|* ROFL *
Thanks for another email signature...
"Outlook has to be more secure than "Every other E-Mail client". This decision pretty much guarantees that."
*ROFL*
Score: 1
|That's probably why the OP said "HTML and CSS", not "HTML, CSS, and JavaScript."
Score: 0
|@fatty:
Glad to see you're so amused by your own ignorance. :)
Score: 0
|Hey, guys... Here's a thought:
Stick with Outlook 2000/2003?
*gasp*
Naw, it's so much more fun (and less productive) to start a grass-roots whine-fest. Get over yourselves. (and stop sending me those stupid fraking newsletters!)
Score: -1
|I could care less about which OS a person uses. that your choice but this shows it is getting beyond silly concerning MS. We've reached a point in which MS is "damned if they do and damned if they don't" and before supporters of Apple or Ubantu (sp?) storm my castle with blazing torches and burn me at the stake, I would say the same thing about those OS.
Score: 0
|You mean you couldn't care less. :) (reread what you wrote). And it's Ubuntu (U bun to U [here's your bun]). And to be technical, Apple is the company and OS X (or MacOS, for older versions) is the OS. :)
Score: 0
|