You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jun 26, 2019. It is now read-only.
A malicious iframe can request tiny resources that advertise huge dictionaries. Unless we data account those dictionaries, the frame can use the huge dictionaries as an effective way to bypass data accounting.
Counting SDCH downloads to a particular frame has a complex implementation cost in Chromium. Do we think we can move encodedBodySize to decodedBodySize to fix this bug?
The text was updated successfully, but these errors were encountered:
I agree that there will be edge cases to consider here with any form of shared dictionary / delta compression mechanisms. However, none of those are well formed yet.. I propose we close this and tackle that when it actually starts to smell like a real thing? :)
A malicious iframe can request tiny resources that advertise huge dictionaries. Unless we data account those dictionaries, the frame can use the huge dictionaries as an effective way to bypass data accounting.
Counting SDCH downloads to a particular frame has a complex implementation cost in Chromium. Do we think we can move encodedBodySize to decodedBodySize to fix this bug?
The text was updated successfully, but these errors were encountered: