IE XSS Vulnerability Via Non-Text Files

Found this interesting article on splitbrain.org; MSIE facilitates Cross Site Scripting.

The article examines the dangerously weird way Internet Explorer treats nearly any file, even non-text files, that contains some tags in the first few hundred bytes as HTML including the <script> tag. A major no-no in my books.

This could potentially result in personal information (such as cookie data, for example) of IE users to be compromised.