Security non-standard html content as html Attached html files are not shipped as text/html by default, unless ``allow_html_file`` is specified in the configuration. Unfortunately some browsers want to be helpful and render other non-standard content types as html. We now change this to application/octet-stream whenever 'html' is contained in the string (case insensitive). Thanks to Kay Hayen for reporting and helping debug this.