Re: The Dangers of Allowing Users to Post Images

[Paul de Vrieze <P.T.deVrieze () kub nl>]

On Tue, 31 Jul 2001, Dan Harkless wrote:

> Sorry for the very late reply to this thread, but in case anybody's
> wondering whether the recently-released 4.78 fixes this bug, it does not.
>
> When I visit the page, though (and perhaps on version 4.78 in general), it
> doesn't crash until you click on the close box for one of the Composer
> windows.
>
> I tested on Win2K Pro.

I don't really think this is an issue, if you want to it is easy to write
a web page that will crash a client. Of course you will want a scripted
page for that, but one trick is to sent a lot of <table> tags after
eachother without closing them in an endless loop.

This will very fast consume a lot of browser memory, which will cause the
browser to lockup. If you're running win2k you will be able to kill the
browser, but if you are running a win9x variant you must hope you pressed
the stop button fast enough, or your browser and possibly windows itself
will crash.

I'm sure there are more of these tricks to be made up, but I don't
consider them worth the title bug.

Paul de Vrieze

-- 
  ___
 /~~~\  | Paul de Vrieze
| O-O | | Student of information management and technology
|  _  | | Mail: Info () devrieze net
 \___/  | Homepage: http://stuwww.kub.nl/people/pavlvs