Just came across this post on MSDN weblogs which points to this MSDN article which identifies the common patterns that scripters leverage that can cause leaks within web applications for users browsing with IE (any browser that uses MSHTML really).
The gist of the problem is that both JScript, Microsoft’s ECMAScript implementation, and MSHTML, the HTML rendering engine built into windows and leveraged by IE, are COM based. Even though this is completely transparent to scripters, we can still get bit by COM’s circular reference problems. Kinda makes you love the non-ref counting, garbage collection based managed world we live in these days that much more, huh? 😉
What makes this problem even stranger is that the active scripting architecture is supposed to be able to dump all external references upon a call to IActiveScript::Close. Does IE not call this method when a page is navigated from? Did the JScript engine not implement this method correctly? Inquiring minds want to know!