[whatwg] Canvas - toTempURL - A dangerous proposal

Kristof Zelechovski giecrilj at stegny.2a.pl
Sat Mar 28 04:46:48 PDT 2009


IFRAME where SRC="javascript:..." has the same disk full problem as
Canvas.toTempURL, and a DOS attack can also be launched simply by creating a
large array that will fill the hard drive with virtual memory.  In general,
handling OOM conditions is not covered by the specification.
Chris







More information about the whatwg mailing list