“It’s rare that Microsoft code gets tested against all comers,
and comes out the resounding victor. It’s even rarer when the
testing involves browser security. But that’s just what’s happened.
A programmer called Michal Zalewski wrote a utility to generate
chunks of badly formed HTML–stuff that breaks all the rules–and
throw it at a selection of browsers. IE swallowed it all and kept
on running. Opera, Firefox, Mozilla and Lynx regularly crashed. His
report on Bugtraq makes sobering reading: single-handedly, he’s
found a whole host of potential exploits in a wide selection of
browsers. But none in IE–how has Microsoft got something so right
while everyone else is in trouble…?”