If you insert a page of HTML as text/plain, it will not be filtered, being a 'safe' content-type. However, M$IE (tested a fairly recent version - somewhere between 5 and 6 inclusive), will recognize the HTML, and render it. So... we need to have loud warnings not to use IE, all over the place, in the README, but especially, we need fproxy to scan for IE's header signature, and if detected bring up a clickthrough page (like for new build versions, make it a bit more stubborn - force users to copy a URL into the address bar by hand would do it), explaining all this if it detects M$IE using it. Alternatively, we could filter out bad HTML/CSS regardless of the supposed MIME type.
msg03755/pgp00000.pgp
Description: PGP signature
