IFRAME where SRC="javascript:..." has the same disk full problem as Canvas.toTempURL, and a DOS attack can also be launched simply by creating a large array that will fill the hard drive with virtual memory. In general, handling OOM conditions is not covered by the specification. Chris