W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas - toTempURL - A dangerous proposal

From: Kristof Zelechovski <giecrilj@stegny.2a.pl>
Date: Sat, 28 Mar 2009 12:46:48 +0100
Message-ID: <95EC76B4DE1547C992474C65C707D722@POCZTOWIEC>
IFRAME where SRC="javascript:..." has the same disk full problem as
Canvas.toTempURL, and a DOS attack can also be launched simply by creating a
large array that will fill the hard drive with virtual memory.  In general,
handling OOM conditions is not covered by the specification.
Chris
Received on Saturday, 28 March 2009 04:46:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT