But even when the script does lock up the browser UI, all browsers normally pop up a dialog after a while giving you the chance to stop the script. And in the occasional case where Firefox seems not to do that, restarting the browser is usually a simple and effective solution, since it will remember all the tabs you had open, including (usually?) everything you've entered into forms, etc., and you can choose not to reopen particular tabs if they're causing trouble.
So it's not really comparable in the slightest. As for allowing embedding of cross-origin images in canvas but not giving script access to their content, well, that's usually a bad idea anyway.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds