Comment by ianai
8 years ago
This could also be seen as a bug on the browser side. I'd also be interested in the browser results for the petabyte version.
I wonder if there's room to do this with other protocols? Ultimately we want to crash whatever tool the scriptkiddy uses.
I thought of http2's hpack. It does have built in protection though...the client sets a maximum header table size. Which encourages client implementations to think about it.