Charles Pritchard wrote:
The draw back of this scheme is that Canvas can now write to a users hard drive. A Denial of Service exploit could run toTempURL in an infinite loop, filling up the users temporary files directory until the browser puts a stop to the sillyness.
Even worse, doesn't this allow placement of known bytes in a known location on the user's hard drive without the user's knowledge? That's an excellent first step in an exploit; I would be loath to implement something like that in a browser...
-Boris
