diff options
| author | Rodrigo Arias Mallo <rodarima@gmail.com> | 2025-09-28 20:26:15 +0200 |
|---|---|---|
| committer | Rodrigo <rodarima@gmail.com> | 2025-09-28 23:10:55 +0200 |
| commit | fb510ea86be5ceb9e91573890242581fdbd77ad8 (patch) | |
| tree | d819fe40683592008d136727f5a0b03e48dc1164 /422/index.md | |
Diffstat (limited to '422/index.md')
| -rw-r--r-- | 422/index.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/422/index.md b/422/index.md new file mode 100644 index 0000000..dd4b6fd --- /dev/null +++ b/422/index.md @@ -0,0 +1,13 @@ +Title: Protect against compression bomb +Author: rodarima +Created: Sat, 26 Jul 2025 11:02:43 +0000 +State: open + +Dillo will try to uncompress the complete HTML, which likely will cause it to run out of memory: + +https://ache.one/notes/html_zip_bomb (safe to open) +``` +https://ache.one/bomb.html (will likely crash your browser) +``` + +I think this could be prevented by capping the maximum Content-Length we would display before a question is asked to continue. However, this won't work if the server doesn't provide the header. Ideally we should cap this at the decoder.
\ No newline at end of file |