2008 May 2, 1:55
Avoid sniffing using the HTTP range header: "...if we have an application...which protects against FindMimeFromData XSS attacks by searching the first 256 bytes for certain strings, then we can simply place our strings after the first 256 bytes and get Fl
via:swannman http http-header range xss security