Simon Willison’s Weblog

14th April 2008 - Link Blog

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.

Posted 14th April 2008 at 8:18 am

Recent articles

The Axios supply chain attack used individually targeted social engineering - 3rd April 2026
Highlights from my conversation about agentic engineering on Lenny's Podcast - 2nd April 2026
Mr. Chatterbox is a (weak) Victorian-era ethically trained model you can run on your own computer - 30th March 2026

This is a link post by Simon Willison, posted on 14th April 2008.

browsers 102 contenttypes 3 internet-explorer 74 security 594 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe