|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: legitimate use of recursive document loading into IE4
- To: NTBUGTRAQ
LISTSERV.NTBUGTRAQ.COM - Subject: Re: legitimate use of recursive document loading into IE4
- From: Alex Georgiev <adgeorgiMTU.EDU>
- Date: Sat, 21 Mar 1998 00:19:14 -0500
- In-Reply-To: <199803210025.TAA26698mtu.edu> from "Andrew Kennedy" at Mar 20, 98 11:23:02 pm
- Reply-To: Alex Georgiev <adgeorgiMTU.EDU>
- Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>
Andrew Kennedy wrote: # # > Maybe if the recursion case was looked for only after the document had # > been completely loaded (i.e. after the javascript had been executed). # # i think this bug might turn out to be un-fixable - i believe it's known # as the halting problem in computer science circles - it's not possible # to tell whether a given (JavaScript) program will ever terminate, so you # can't ever catch all possible recursive nastiness that can be put into # a web page. the only thing to do is to make sure IE handles running out # of memory gracefully. The part about the halting problem is true - you can't tell if a JS program will ever finish or not. There are, however, some things that can be done to prevent JavaScript from infinite execution: just limiting the depth of recursion is not enough, as infinite loops can also be a problem. Limiting the amount of iterations may not be a great idea, but all DOS attacks that I have seen written in JS were based on infinite loops or infinite recursion. Some other quotas should also be there, like limiting the amount of total windows that can be opened from a JS, or limiting the amount of total memory that a JavaScript can allocate. -- Alex Georgiev adgeorgi
- Prev by Date: Re: legitimate use of recursive document loading into IE4
- Next by Date: Re: legitimate use of recursive document loading into IE4
- Prev by thread: Re: legitimate use of recursive document loading into IE4
- Next by thread: Re: legitimate use of recursive document loading into IE4
- Index(es):