[Webkit-unassigned] [Bug 67940] iframe the page you are on
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Sep 13 03:03:29 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67940
--- Comment #6 from Dave Bowker <davebowker85 at googlemail.com> 2011-09-13 03:03:29 PST ---
(In reply to comment #5)
> It would save some back and forth if you were more specific about the problem.
>
> The word "exploit" is usually associated with security exploits - are you saying that there is one? If so, please mark the bug as security sensitive, and explain why.
>
> Otherwise, what is the problem with displaying nested iframes?
There is no problem displaying with displaying nested iframes, but why would you need an 'unlimited' amount of them? If I were trying to create a security/performance issue i could open hundreds of nested iframes displaying the parent page with the contained iframe inside, which I did.
CPU spiked (Quad core 3.2ghz) to between 80-90%, RAM usage started climbing from 3gb to 6gb in the space of 5 minutes...
I can script something that would kill a browser in javascript fine, but to do this just by using HTML and creating an infinite loop of iframes seems too easy, and easily preventable by just having a nesting depth.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list