30 posts in this topic

Posted

Really surprised this hasn't hit Neowin's desk by now.

http://www.maximumpc.com/article/news/html5_hole_major_browsers_lets_sites_fill_your_hard_dive856

Share this post


Link to post
Share on other sites

Posted

Saw it the other day on Gizmodo.
http://gizmodo.com/5987707/thanks-to-html5-this-website-can-fill-your-whole-hard-drive-with-trash

Share this post


Link to post
Share on other sites

Posted

The glorious future of the mighty Flash killer. Welcome, welcome. We've been expecting you. With all your ridiculously stupid troubles, too.

Share this post


Link to post
Share on other sites

Posted

So the browsers at risk don't follow the recommendations the standard says they should, kinda funny.

I wonder if IndexedDB would be susceptible to an attack like this.

Share this post


Link to post
Share on other sites

Posted

I am glad we are replacing Adobe Flash with this new technology.

Share this post


Link to post
Share on other sites

Posted

[quote name='Phouchg' timestamp='1362231620' post='595553352']
The glorious future of the mighty Flash killer. Welcome, welcome. We've been expecting you. With all your ridiculously stupid troubles, too.
[/quote]

I know! Flash have never EVER have holes and security faults!
...
...
...


Shall I continue?

Share this post


Link to post
Share on other sites

Posted

[quote name='sanctified' timestamp='1362258423' post='595554094']


I know! Flash have never EVER have holes and security faults!
...
...
...


Shall I continue?
[/quote]
>missing the point of the post quoted entirely

Share this post


Link to post
Share on other sites

Posted

Mmm, yes.

Please, tell me more about how everyone should use Webkit instead of following open web standards. :whistle:
1 person likes this

Share this post


Link to post
Share on other sites

Posted

In other news... http://www.cemetech.net/projects/jstified/

Share this post


Link to post
Share on other sites

Posted

not trying to flame or anything, just my two cents....this serves to prove that nothing is flawless....instead of jumping the gun and trying to drop flash/flex and so on to adopt html5, one should wait until the platform matures enough and standards are set in stone.

Share this post


Link to post
Share on other sites

Posted

HTML5 isn't even a set standard yet chaps...

...and web storage is only at recommendation stage.

in other words...it's like complaining that is a house is cold before the builder has installed the doors and windows.

Share this post


Link to post
Share on other sites

Posted

^ Well, then perhaps we shouldn't have moved into this house yet... and set the old rented apartment ablaze with such a profound sensation of accomplishment? Gosh knows it may start to rain fish and the roof may not hold as well.
3 people like this

Share this post


Link to post
Share on other sites

Posted

[quote name='paxa' timestamp='1362265399' post='595554268']
one should wait until the platform matures enough and standards are set in stone.
[/quote]

If the effected vendors had actually paid attention to the spec that specifically has recommendations to stop this from occuring, naturally this wouldn't of happened.

Props to Mozilla for actually paying attention.

Share this post


Link to post
Share on other sites

Posted

[quote name='Athernar' timestamp='1362258785' post='595554104']
Mmm, yes.

Please, tell me more about how everyone should use Webkit instead of following open web standards. :whistle:
[/quote]

Given that the problem affects Trident and Presto as well that's a pretty stupid comment to make.

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362273742' post='595554512']
Given that the problem affects Trident and Presto as well that's a pretty stupid comment to make.
[/quote]

No, you just think it's stupid because you're a "Google shill", to borrow your own terminology from other threads.

This not only proves that open web standards and adherence to them is important, but that having a single rendering/layout engine is a bad thing.

Share this post


Link to post
Share on other sites

Posted

So explain to me how it's Google's fault when Webkit (which Google do not actually make just FYI) is not the only browsing engine that is subject to the flaw?

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362359041' post='595556168']
So explain to me how it's Google's fault when Webkit (which Google do not actually make just FYI) is not the only browsing engine that is subject to the flaw?
[/quote]

You need to read the OP and maybe find an email for Feross Aboukhadijeh, he is the one that discovered it.

Share this post


Link to post
Share on other sites

Posted

I did read it, most notably this bit:

[quote][color=#000000][font=Arial, sans-serif]has discovered a [/font][/color][url="http://feross.org/fill-disk/"]bug in Chrome, Safari (iOS and desktop), Opera, and Internet Explorer that makes it possible for a site to fill up the system

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362359041' post='595556168']
So explain to me how it's Google's fault when Webkit (which Google do not actually make just FYI) is not the only browsing engine that is subject to the flaw?
[/quote]

Wow. That's a dumb argument.

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362359041' post='595556168']
So explain to me how it's Google's fault when Webkit (which Google do not actually make just FYI) is not the only browsing engine that is subject to the flaw?
[/quote]

Oh, so Webkit isn't the holy grail of openness that you made it out to be in the Opera thread after all? Or is it just because this doesn't work in Google's favour?

They ship Webkit in both binary and source form, they contribute to the Webkit project, and they were supposed to be the so-called "champions of the open web". So yes, they're just as much at fault for shipping a broken, non-standard implementation as Opera and MSFT.

Share this post


Link to post
Share on other sites

Posted

Funny how people twist your words here when you aren't prepared to sell your soul to Microsoft isn't it.

Chrome is open (ish, chromium), webkit is open. Never did I claim that software being open excludes it from carrying bugs or design faults. And given the other browsing engines it effects, it's clearly something that's common practice in the industry.

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362360806' post='595556252']
Funny how people twist your words here when you aren't prepared to sell your soul to Microsoft isn't it.

Chrome is open, webkit is open. Never did I claim that software being open excludes it from carrying bugs or design faults. And given the other browsing engines it effects, it's clearly something that's common practice in the industry.
[/quote]

Because supporting open web standards means you're a Microsoft supporter, amirite? (Mozilla would of been far more apt)

You argued in favour of Webkit dominance, and now you don't even have the integrity to stick to your own words. Pathetic.

Share this post


Link to post
Share on other sites

Posted

Another misconception. I still think it would be good if they all worked towards the same goal instead of having to compete with each other, I also accept that no software, proprietary or open source is completely free from flaws. If you want to warble on about integrity how about putting your money where your mouth is and not twisting my words? ;)

Share this post


Link to post
Share on other sites

Posted

Competition is good for the industry without it we would still be using rotary phones.

Share this post


Link to post
Share on other sites

Posted

[quote name='Javik' timestamp='1362361291' post='595556276']
Another misconception. I still think it would be good if they all worked towards the same goal instead of having to compete with each other, I also accept that no software, proprietary or open source is completely free from flaws. If you want to warble on about integrity how about putting your money where your mouth is and not twisting my words? ;)
[/quote]

"Flaws"

You mean ignoring the large, red-backgrounded section of the localStorage spec that specifically warns about this "flaw"? Hah!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.