Comment by brian-armstrong
8 years ago
Do browsers protect against media served with Content- or Transfer-Encoding like this? If you use something that lets you embed images, what's to stop you from crashing the browser of anyone who happens to visit the page your "image" is on?
Nothing. I mean, crashing browsers with a client-side DoS is possible in many ways.
With some horrible WebGL code I've crashed the macOS compositor before.
Browsers alredy have massive codebases, I can't really imagine securing every non-security critical DoS vector