Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.