[whatwg] Canvas - toTempURL - A dangerous proposal

Boris Zbarsky bzbarsky at MIT.EDU
Fri Mar 27 16:44:14 PDT 2009

Charles Pritchard wrote:
> The draw back of this scheme is that Canvas can now write to a users 
> hard drive.
> A Denial of Service exploit could run toTempURL in an infinite loop, 
> filling up
> the users temporary files directory until the browser puts a stop to the 
> sillyness.

Even worse, doesn't this allow placement of known bytes in a known 
location on the user's hard drive without the user's knowledge?  That's 
an excellent first step in an exploit; I would be loath to implement 
something like that in a browser...


More information about the whatwg mailing list