Guidelines for add-on developers

It’s well understood that the typical computer users today spend much of their time in their web browser, making it the most important software on their computer.  Users expect their browsers to be easy to use, fast, stable and secure.

Over the past few months, users have downloaded thousands of great browser add-ons from www.ieaddons.com and other web sites.  Users want to use browser add-ons to enhance their browsing experience, not hinder it or make it more confusing.   

We have published a full list of guidelines to help add-on developers create quality add-ons.  We created these guidelines to respond to demand from the developer community and to help share the thinking of the IE team, gathered from years of providing support to users and developers.   We strongly recommend that developers follow these guidelines when developing add-ons for IE users.  We occasionally come across add-ons that violate these guidelines so egregiously that we treat them as malware; on the other hand, we frequently see really helpful and creative add-ons that put the “user in control” and enhance the browsing experience.  Here are the core aspects of our guidelines:

Do not limit the user’s ability to access Internet Explorer features

Users require access to the entire set of Internet Explorer features, including but not limited to: the address bar, search box and new tab page to navigate and search the Internet easily and safely.  Users expect these features to be available to them at all times and our support data shows that users are confused and unhappy when these features are obscured or changed.  Please don’t write add-ons that hide, obscure or limit access to Internet Explorer features. 

Do not limit the user’s ability to control Internet Explorer settings

It’s important that users be able to control their browsing experience.  We’ve provided many configuration options for IE users to help them set up their browser exactly how they want it and protect themselves from potentially harmful malware. (See previous my previous post on toolbars and search defaults)

To support this guideline, add-on software should not remove or limit the user’s ability to view and modify IE settings.

Only use supported APIs

Add-ons should only use supported Internet Explorer and Windows application programming interfaces (APIs), detailed on MSDN. Using an unsupported method of extending Internet Explorer or relying on implementation details in a specific version of IE may cause browser stability problems when Internet Explorer is updated.  Also, when two add-ons try to use the same unsupported method of extending Internet Explorer they might crash the browser – our APIs are specifically designed to prevent this kind of problem.

Microsoft is committed to working with all add-on software developers to ensure that our mutual customers – you, the user – have a great experience when using Internet Explorer with add-ons. If you are developing or maintaining an Internet Explorer add-on, please review our guidelines and ensure that your add-ons deliver a good long-term experience for users.

Thank you,
Frank Olivier and Herman Ng
Internet Explorer Program Management

Comments

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Real life observation tells us that, more often than not, those who work the hardest achieve the most

  • Anonymous
    September 09, 2009
    Please add this features to the next version of iE

  • Download manager
  • Integrate multipe windows into tabs or unstack tabs into separet windows function. -SVG support -Full CSS 3.1 support Thanks!
  • Anonymous
    September 09, 2009
    "Full CSS 3.1 support" No such thing.  Maybe you mean CSS 3? It's not even close to being a standard yet - technically CSS2.1 isn't either, though it's a lot closer - so you are asking for IE to support something that will change after it's released?  Which then means YET ANOTHER rendering mode that needs to be preserved in perpetuity? ("css3 final mode" "css3 as it was when IE9 came out mode") think before you ask for such things (though I agree with the others... an integrated download managed based on BITS would be nice)

  • Anonymous
    September 09, 2009
    Download managed based on bits would be very nice...

  • Anonymous
    September 09, 2009
    I agree with the sentiment behind this post, but can't help but laugh at some of the points.  "Only use supported APIs"?  I'd love to!  Except that you don't provide any APIs for many of the core browser features.  Which limits my options to (a) not supporting the most used browser in the world or (b) finding an unsupported API that kind of does what I need and then hacking at it until things appear to work correctly.  It's certainly not what I want to do, but you don't give me much of a choice. Might I suggest a set of guidelines for browser developers?  Guideline 1: make core browser functionality available to add-on developers through a set of standard APIs. Colin

  • Anonymous
    September 09, 2009
    The comment has been removed

  • Anonymous
    September 09, 2009
    i know some apps like symantec change security settings all the time

  • Anonymous
    September 09, 2009
    Hi, Not happy with Exp 8. Its slow and there are lots of application frezes and crashes. Worst of all you make it impossible to get back to Explorer 7 as it wont load because "there is a more up to date version already on the machine" the only way I can see to do this is to go to Firefox or Google and load theire sytems and the reload Explorer 7. However I found Firefox interesting so am planning to persevere with them. Now if only you'd opted to provide a retrofit download you would still have me as a user. Mike

  • Anonymous
    September 09, 2009
    @Mike: As alluded to in this post, most IE crashes and hangs are caused by buggy browser addons. You can easily confirm this by running in No Add-ons mode: http://www.enhanceie.com/ie/troubleshoot.asp#crash If you want to go back to IE7, you can uninstall IE8: http://www.enhanceie.com/ie/ie8.asp#uninstall

  • Anonymous
    September 09, 2009
    One set of addons we sure as heck won't ever need is anything dealing with security b/c MS built everything right into their browser.  Internet Explorer is synonymous with security, which is why it's market share is going up, up, up.  Take that hackers and malware writers.  You've met your match.

  • Anonymous
    September 09, 2009
    @ILuvIE, you're correct that "security" addons tend to be particularly problematic. Such addons often try to thunk private interfaces or do other things that cause reliability or performance problems. (e.g. http://blogs.msdn.com/ieinternals/archive/2009/07/20/IE8-Performance-and-Speed-Tips.aspx) Fortunately, SmartScreen was designed for minimal performance impact, and it has proven very effective against the malware threat. http://blogs.msdn.com/ie/archive/2009/08/13/real-world-protection-with-ie8-s-smartscreen-filter.aspx

  • Anonymous
    September 09, 2009
    The comment has been removed

  • Anonymous
    September 09, 2009
    Do you guys have a tutorial for making IE add-ons in .NET? I've seen http://msdn.microsoft.com/en-us/library/bb735853%28VS.85%29.aspx. I don't know ATL/COM very well. There's a less steep learning curve for Firefox add-ons (and JS hides a good portion of the XPCOM plumbing code I would else have to write). The language and framework you have to write add-ons for will limit the number of add-on developers. That said, if you do have one I hope it beats into people's skulls that IDisposable interfaces have unmanaged resources they should dispose of. There's a USING keyword in C# people, USE IT! Colin, what are you trying to do? It's important to state (to some extent) what problem you're actually having (in your case - what API is missing). I'm sure somebody out there would be willing to assist you or at least confirm your claim. Drive-by complaints with no additional information are not helpful. Can't fix something that's broke if nobody communicates it's broken properly (e.g. "IE 6/7 innerHTML not complaint" is not nearly as helpful as "IE 6/7 innerHTML leaves LI tags unclosed". To their credit I think they actually fixed that in IE 8 standards mode).

  • Anonymous
    September 09, 2009
    The comment has been removed

  • Anonymous
    September 09, 2009
    very useful for me!    ---- @ Eduardo Valencia ----    ||  Please add this features to the next version of iE    ||  - Download manager    ||  - Integrate multipe windows into tabs or unstack tabs into separet windows function.    ||  -SVG support    ||  -Full CSS 3.1 support    ||  Thanks!

  • Anonymous
    September 10, 2009
    @Colin: I can only guess what would happen if such an API existed... every other add-on author would start spamming my Favorites with what they think are great links (and possibly removing or demoting those of their competitors). No, thanks. Don't get me wrong... I'm sure there are legitimate uses of such a feature, but since it could be badly abused I'd rather my browser didn't have it. Regards, --mc

  • Anonymous
    September 10, 2009
    Mario: except people can already do it, just in a dirtier and less safe way. So letting people do it in a clean way wouldn't make anything worse. Besides, you should naturally only install add ons from vendors you trust. If you just install many random add ons, then you're just asking for troubles.

  • Anonymous
    September 10, 2009
    Stifu: I agree that you should never install anything from an untruste source, but that is not what I am concerned with. Several major companies seem to think that their applications are a gift to humanity and will do everything they can to make sure you don't miss it (I'm thinking, for instance, of the pesky Reader icon that Adobe keeps placing on my desktop at every update) True, they can still rummage in my favorites using undocumented and unsupported methods, but I still hope that the fear of getting broken by an update may act as a deterrent. I'm afraid that having a "legitimate" way to do it could actually make things quite worse.

  • Anonymous
    September 10, 2009
    @Qwinton asked: "Do you guys have a tutorial for making IE add-ons in .NET?" Yes, tutorials exist, but no, you shouldn't write Add-ons in .NET as a general rule. See the end of http://blogs.msdn.com/ieinternals/archive/2009/08/21/agcore-addon-hangs-Internet-Explorer.aspx for a discussion of this.

  • Anonymous
    September 11, 2009
    Only One word to characterize such a great post “WOW” that was a very interesting read

  • Anonymous
    September 12, 2009
    If the .Net architecture is totally the wrong thing to develop an IE addon in - is there a way to tell if an addon was written in .Net? I'd like to be able to remove all the ones that will slow down my IE as opening tabs in IE is already ridiculously slow as it is! stan

  • Anonymous
    September 14, 2009
    While I appreciate your effort to set up guidelines for add-on developers, I would like to question the meaningfulness by the example of the Quero add-on I developed: Quero is a replacement for the navigation/address/search bar and an ad blocker for IE8. Users install it to intentionally replace "core features" of IE with Quero. >Do not limit the user’s ability to access Internet Explorer features In the Quero case users want to intentionally limit access to IE features such as hiding the standard navigation bar, removing the toolbar close button or hiding the favorite button.

  • Anonymous
    September 14, 2009
    >Only use supported APIs Unfortunately, as a matter of fact, many essential functions are not accessible via supported APIs. Examples are but are not limited to the following:

  • customize IE's user interface

  • hide the toolbar close button (some users prefer to intentionally remove them)

  • hide the favorite button

  • hide the address bar

  • IE8 is also lacking official APIs for filtering DOM maninpulations necessary for implementing an ad blocker

  • functions to get the information from the active security certificate (SSL, EV) You can either rethink the proposed guidelines or you will eventually loose many useful add-ons by enforcing too many restrictions upon them. Best regards, Viktor Krammer

  • Anonymous
    September 15, 2009
    I agree with Viktor - the "generalized" statements need some context. removing a control from the user to replace it with a better control is acceptable as long as the functionality is improved upon. e.g. I would use any addon for IE8 that fixes the address bar to either offer an option to toggle the domain highlighting or change how it is rendered.  The graying out is fine for some but I find it highly annoying and I lose functionality.  If there is an addon that bolds the text or underlines it for the domain portion of the url I would gladly install it. It also seems that there needs to be a tester application to check if addons were made with .Net so that we can remove them ASAP. I would also like to see similar guidelines for web development.  e.g. how to get rid of all document.all references and flag all properties and methods in IE that are not part of the standards.

  • Anonymous
    September 15, 2009
    >If there is an addon that bolds the text or underlines it for the domain portion of the url I would gladly install it. Yes, the Quero Toolbar ;-) which is the first add-on that implemented domain highlighting. It literally hightlights the domain by a background color, and it can be turned off too.