- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Fri, 27 Mar 2009 19:44:14 -0400

Charles Pritchard wrote:
> The drawback of this scheme is that Canvas can now write to a user's
> hard drive.
> A Denial of Service exploit could run toTempURL in an infinite loop,
> filling up the user's temporary files directory until the browser puts
> a stop to the silliness.

Even worse, doesn't this allow placement of known bytes in a known location on the user's hard drive without the user's knowledge? That's an excellent first step in an exploit; I would be loath to implement something like that in a browser...

-Boris

Received on Friday, 27 March 2009 16:44:14 UTC