Phew, we're all safe then.

Actually, that page is pretty old, and modern versions of both Netmoscapezilla and IE are more robust.


That's what I was getting at. There aren't many secrets left in HTML anymore. And yes, there are client-side risks associated with running unsafe content, be it JavaScript, Java applets, ActiveX controls, etc. But frog51 was basically saying that any HTTP server serving HTML content was at risk for some kind of exploit where one could "take over" the server, and my several years of experience as a netcentric security software developer tells me otherwise. But if such a thing in HTML existed, I would love to know about it so I can make sure my company's servers are protected from it!