IE8 comprehensive protection
Definitely check it out! Among things it includes an XSS protection filter, HTML sanitizing built straight into the scripting engine and a way to disable the infamous 'content sniffing'. I'd still hope to see the content-sniffing 'feature' to be opt-in, instead of the proposed opt-out solution.. but hey, at least it allows us to plug the hole.
To serve files as text/plain, serve the document with the Content-Type header as:
Content-Type: text/plain; authoritative=true;
I have to say, I'm quite impressed how IE is catching up with things like standards and security.