Simon Willison’s Weblog

14th April 2008 - Link Blog

Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types.

Posted 14th April 2008 at 8:18 am

Recent articles

Changes in the system prompt between Claude Opus 4.6 and 4.7 - 18th April 2026
Join us at PyCon US 2026 in Long Beach - we have new AI and security tracks this year - 17th April 2026
Qwen3.6-35B-A3B on my laptop drew me a better pelican than Claude Opus 4.7 - 16th April 2026

This is a link post by Simon Willison, posted on 14th April 2008.

browsers 103 contenttypes 3 internet-explorer 74 security 597 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe