Firefox applet fun

I've been hacking the PHPIDS recently and I wanted a pure XSS vector not just script execution, I decided to experiment with the applet tag because it sneaks past the malicious tag detection. I thought to myself I wonder if it accepts the type attribute like the object tag does....

<pre lang="html"> &lt;applet src=&quot;data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTLyk8L3N jcmlwdD4&quot; type=text/html&gt; </pre>

That works it executes the base64 encoded string as HTML! It doesn't stop there though :)

<pre lang="html"> &lt;applet src=&quot;http://www.businessinfo.co.uk&quot; type=text/html&gt; </pre>

The applet tag even acts like a iframe :D