W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2012

Re: [whatwg] Resource loading in browsing context-less Documents

From: Rafael Weinstein <rafaelw@chromium.org>
Date: Fri, 5 Oct 2012 10:38:13 -0700
Message-ID: <CABMdHiT8oeVfcKPRFm5KxwtP4ZLfSOsrxCcS0itr_CpwbjMFFw@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: whatwg@lists.whatwg.org
On Fri, Oct 5, 2012 at 8:54 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 10/5/12 4:23 AM, Anne van Kesteren wrote:
>>
>> Note that you can append such an <img> to a different document later
>> (e.g. the one that executes the script) so fetching it is probably
>> smart.
>
>
> It can also lead to privacy leaks and very upset web developers and
> performance problems...  So it's not quite clear cut.  ;)

Agreed. There have been bugs at Google where pages with templates
containing urls like "http://www.google.com/someImageBucket/{{ id
}}/.jpg" have accidentally fired resource requests and knocked over
servers with the equivalent of a DDOS attack.

>
> -Boris
>
Received on Friday, 5 October 2012 17:38:40 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:48:11 GMT