diff --git a/lib/linguist/blob_helper.rb b/lib/linguist/blob_helper.rb
index ffe1e278..57c04686 100644
--- a/lib/linguist/blob_helper.rb
+++ b/lib/linguist/blob_helper.rb
@@ -65,6 +65,19 @@ module Linguist
 ['.xib', '.nib', '.pbxproj'].include?(pathname.extname)
 end
 
+ # Determine if the blob contains bad content that can be used for various
+ # cross site attacks. Right now this is limited to flash files -- the flash
+ # plugin ignores the response content type and treats any URL as flash
+ # when the tag is specified correctly regardless of file extension.
+ #
+ # Returns true when the blob data should not be served with any content-type.
+ def forbidden?
+ if data = self.data
+ data.size >= 8 && # all flash has at least 8 bytes
+ %w(CWS FWS).include?(data[0,3]) # file type sigs
+ end
+ end
+
 def language
 if text?
 shebang_language || pathname.language
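Review bot: The signature list in `forbidden?` covers only `CWS` and `FWS`, so an LZMA-compressed SWF, which starts with `ZWS`, would not be flagged; the deny-list line should read `%w(CWS FWS ZWS).include?(data[0,3]) # file type sigs`. The length guard uses `data.size`, which counts characters rather than bytes on an encoding-aware string, so `data.bytesize >= 8` would match the "at least 8 bytes" comment. The method also returns `nil` rather than `false` when `self.data` is nil, which the "Returns true when..." comment does not mention; `!!` on the expression or a documented "Returns true or false/nil" would make the contract explicit. No caller of `forbidden?` is visible in this hunk, so the doc comment should say that the serving path is responsible for checking it before choosing a content type.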