Hello,
I noticed article about some IE issue: [1]
And couldn't stop smiling at the amount and spectre of the workarounds needed to prevent attacks ;)
And maybe Jacek (or some other mshtml guy) could test Wine's html engine against the external test case [2] to see whether we are better at handling [3] such XMLs.
[1] http://www.pcmag.com/article2/0,2817,2336831,00.asp [2] http://www.milw0rm.com/exploits/7410 [3] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4844