I've been conducting some tests using the new Edge browser (Canary channel) to see how it compares to Internet Explorer and other web browsers such as Mozilla Firefox and Google Chrome. More in specific, exploring how the new Edge browser behaves for files being that are downloaded and / or executed (automatically) by the browser.
Internet Explorer today offers a smooth user experience for recognized / registered file extensions and allow for certain of them to be automatically executed. Mozilla Firefox provides similar flexibility, putting the end user in full control with a choice upon downloading a file as described in "Change what Firefox does when you click on or download a file", e.g. the Adding download actions option.
The preview builds of new Edge browser do not provide any means of such described functionality. Any allowed extensions / mime-types seems to be pre-determined / hardcoded in the same way as currently seen with Google Chrome. The behavior for various file extensions: the Edge browser will *only* download the file, without any means for the user to control whether or not to automatically execute it.
My research lead me to "Behavior of Download File Types in Chrome" which as I understand it explains the current implementation. The major concern with it is the inability of the end user (or a sysadmin) to override any predefined restrictions. E.g. in a corporate setting, the Edge browser does not offer the functionality to consider file extension / mime-type e.g. 'XYZ' to be treated as 'safe content', with the resulting option to automatically execute such downloaded files if the end user gives its consent.
Such improvement to the new Edge browser would bring its usability for this functionality back on par (or even better) with Internet Explorer, so I'm looking forward to hear what others think of this.
Note: I am aware of the existence of the Internet Explorer mode as recently announced. yet this issue should best be fixed in the new Edge browser itself.
Thank you for your feedback @Pieter_B. I will let the team know about this. I am a little worried that people might be talked into allowing dangerous extensions / mime types, such as .vbs, exe, cmd, bat, etc. which would open them up to remote attacks. Are there specific extensions that you feel are needed?