[whatwg] Canvas - toTempURL - A dangerous proposal

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Fri, 27 Mar 2009 19:44:14 -0400
Message-ID: <49CD64CE.6000807@mit.edu>
Charles Pritchard wrote:
> The drawback of this scheme is that Canvas can now write to a user's
> hard drive.
> A Denial of Service exploit could run toTempURL in an infinite loop,
> filling up the user's temporary files directory until the browser puts
> a stop to the silliness.

Even worse, doesn't this allow placement of known bytes in a known 
location on the user's hard drive without the user's knowledge?  That's 
an excellent first step in an exploit; I would be loath to implement 
something like that in a browser...

-Boris
Received on Friday, 27 March 2009 16:44:14 GMT
