Demi Marie Obenour
I think this would be great, but I'm more interested in desktop workloads than server ones.
That is awesome! I’ll be watching.
That's another use-case, but I expect SCSI command passthrough to be of only limited use to cloud workloads.
The problem is that while every modern browser uses a multiprocess architecture, there are entities that parse HTML other than browsers, and these are subject to the same attacks. They...
Correct, they are not. But they are generally trying to follow it. I know of no way that a server side application can safely parse HTML according to the specs...
I was thinking to fail if is added by JS, but otherwise to close the tag before adding a new one. On Sun, Jun 3, 2018, 11:38 PM Boris Zbarsky...
It is if we want to ensure that browsers do not stack overflow. Stack overflows can be exploited in practice — for instance, they can be used for a denial-of-service...
It can be in kernel contexts. It also can be in userspace, if a single very large stack allocation occurs and skips the guard page. That said, I still think...
> And while preventing pages from crashing themselves _deliberately_ is not in browsers' threat model, browsers do have incentive to not crash the gmail process when users click on something...
Any limit needs to ensure that it does not create mutation XSS vulnerabilities. I’m not sure how to ensure that, though.