W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas - toTempURL - A dangerous proposal

From: Kristof Zelechovski <giecrilj@stegny.2a.pl>
Date: Sat, 28 Mar 2009 12:46:48 +0100
Message-ID: <95EC76B4DE1547C992474C65C707D722@POCZTOWIEC>
IFRAME where SRC="javascript:..." has the same disk full problem as
Canvas.toTempURL, and a DOS attack can also be launched simply by creating a
large array that will fill the hard drive with virtual memory.  In general,
handling OOM conditions is not covered by the specification.
Received on Saturday, 28 March 2009 04:46:48 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:10 UTC