- From: Rafael Weinstein <rafaelw@chromium.org>
- Date: Fri, 5 Oct 2012 10:38:13 -0700
- To: Boris Zbarsky <bzbarsky@mit.edu>
- Cc: whatwg@lists.whatwg.org
On Fri, Oct 5, 2012 at 8:54 AM, Boris Zbarsky <bzbarsky@mit.edu> wrote: > On 10/5/12 4:23 AM, Anne van Kesteren wrote: >> >> Note that you can append such an <img> to a different document later >> (e.g. the one that executes the script) so fetching it is probably >> smart. > > > It can also lead to privacy leaks and very upset web developers and > performance problems... So it's not quite clear cut. ;) Agreed. There have been bugs at Google where pages with templates containing urls like "http://www.google.com/someImageBucket/{{ id }}/.jpg" have accidentally fired resource requests and knocked over servers with the equivalent of a DDOS attack. > > -Boris >
Received on Friday, 5 October 2012 17:38:40 UTC