W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2011

[Bug 14329] New: I believe the possible DoS attack "message flooding" should be addressed i.e. a rogue domain uses "postMessage" to crash an implementation, crash another window etc. Jean-Lou Dupont html5@jldupont.com

From: <bugzilla@jessica.w3.org>
Date: Wed, 28 Sep 2011 18:23:05 +0000
To: public-webapps@w3.org
Message-ID: <bug-14329-2927@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=14329

           Summary: I believe the possible DoS attack "message flooding"
                    should be addressed i.e. a rogue domain uses
                    "postMessage" to crash an implementation, crash
                    another window etc. Jean-Lou Dupont html5@jldupont.com
           Product: WebAppsWG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#top
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Web Messaging (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: member-webapi-cvs@w3.org
                CC: mike@w3.org, public-webapps@w3.org


Specification: http://dev.w3.org/html5/postmsg/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top

Comment:
I believe the possible DoS attack "message flooding" should be addressed i.e.
a rogue domain uses "postMessage" to crash an implementation, crash another
window etc.

Jean-Lou Dupont
html5@jldupont.com

Posted from: 173.178.98.120
User agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko)
Chrome/15.0.874.21 Safari/535.2

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Wednesday, 28 September 2011 18:23:07 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:47 GMT