IE8 comprehensive protection

Today on the IE blog a big announcement was made regarding the upcoming security features in Internet Explorer 8.

Definitely check it out! Among things it includes an XSS protection filter, HTML sanitizing built straight into the scripting engine and a way to disable the infamous 'content sniffing'. I'd still hope to see the content-sniffing 'feature' to be opt-in, instead of the proposed opt-out solution.. but hey, at least it allows us to plug the hole.

To serve files as text/plain, serve the document with the Content-Type header as:

Content-Type: text/plain; authoritative=true;

I have to say, I'm quite impressed how IE is catching up with things like standards and security.

Web mentions


  • Jorrit Schippers

    Jorrit Schippers

    Is "authoritative=true; " a standard then?
  • Evert


    It's not, but at least it gives us a way to work around the security bug..