Bugtraq mailing list archives

Re: Object tag crashes Internet Explorer 4.0


From: joe () BLARG NET (Joe)
Date: Wed, 5 Aug 1998 14:32:29 -0700


On Tue, 4 Aug 1998, Paul Leach wrote:

I meant the variant of HTML that includes object tags and J-Script/VB-Script
that has conditional statements and recursion -- which is enough to make it
Turing complete. If the precise name of that is DHTML, it's not relevant --
as far as users are concerned it's stuff in web pages that nearly all
browsers know how to and will execute and will throw it into a
non-terminating computation -- which makes it "HTML" as far as they are
concerned.

<RANT>

Oh give me a break. This is not a "variant of HTML", this -IS- HTML as laid
down by the W3C spec. Terminology -is- relevant because no one on this list
is the typical "user".  More importantly, what we are discussing here is
most certainly NOT "stuff in web pages".

IT'S INPUT - NOTHING MORE, NOTHING LESS.

The First Deadly Sin of Programming: Trusting user input.

Web browsers should consider ALL web content to be nothing more than user
input and should have built in checks against improper or illogical input -
just like any properly written program will. Instead, the browser
manufacturers tend to treat this "stuff in web pages" as if it were gospel
or worse, source code. (*shudder*). Although CLASSID may be used
to specify the location of an object's implementation via a URI, does it
make sense to point the browser to an object contained within the same URI
as the calling resource? No - it doesn't - so the CLASSID=#<anything> should be
ignored. Granted, this violates the spec since a relative anchor is a valid
URI - but violating the spec has never been a problem for the browser makers
so why start worrying now?

This is NOT a "Turing machine halting" or infinite recursion problem. The
problem in this case lies somewhere between the keyboard and the brain of
the programmer that wrote the chunk of code in IE that accepts
CLASSID=#<anything> as valid -input-.

Write clean code, stop trusting input, and once you've done that THEN
you can get pissy about terminology. Until then your defense of this
bug is ludicrous.

</RANT>


-----Original Message-----
From: kragen () pobox com [mailto:kragen () pobox com]
Sent: Tuesday, August 04, 1998 2:37 PM
To: Paul Leach
Cc: BUGTRAQ () netspace org
Subject: Re: Object tag crashes Internet Explorer 4.0


On Tue, 4 Aug 1998, Paul Leach wrote:
The possibility of infinite loops and infinite recursion in HTML has been
discussed on the lists before. Trying to detect and prevent them is an
instance of the "Turing machine halting" problem, and it is well known among
computer scientists to be impossible.

Certainly not.  HTML is not Turing-complete.  In fact, detecting and
preventing infinite loops and recursion in HTML simply requires
traversing a directed acyclic graph and determining that it is, in
fact, acyclic.  This is simple.

Perhaps you're thinking of DHTML.  Or perhaps you're thinking of some
kind of evil, twisted web server that serves up the same page under an
infinite number of different names, each modified to include a frame
reference to that page under a different name.

Kragen



--
Joe H.                                  Technical Support
General Support:  support () blarg net     Blarg! Online Services, Inc.
Voice:  425/401-9821 or 888/66-BLARG    http://www.blarg.net
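
The two checks argued for in this thread (treat an embed reference as untrusted input, and refuse one that makes the embed graph cyclic), sketched as an added example that is not part of the original messages or of any browser's code. The page table, `MAX_DEPTH`, and all function names are assumptions constructed for illustration.

```javascript
// PAGES is a constructed stand-in for fetched documents:
// absolute URL -> embed references (OBJECT/FRAME targets) found in it.
const PAGES = {
  "http://example.test/ok.html": ["widget.html"],
  "http://example.test/widget.html": [],
  "http://example.test/self.html": ["#anything"],  // same-document reference
  "http://example.test/a.html": ["b.html"],
  "http://example.test/b.html": ["a.html#top"],    // two-step cycle
};
const fromPages = (url) => PAGES[url] || [];

// Assumed cap. It bounds the case of a server that serves the same page
// under endlessly new names, where no URL ever repeats.
const MAX_DEPTH = 8;

// Resolve a reference and drop the fragment: "#x" never names a
// different resource than the document it appears in.
function resourceOf(ref, base) {
  const u = new URL(ref, base);
  u.hash = "";
  return u.href;
}

// Depth-first walk of the embed graph. `ancestors` holds the documents
// currently being loaded; a reference back into that chain is a cycle.
// A resource embedded twice by siblings is not a cycle and is allowed.
function loadEmbeds(url, fetchRefs, ancestors = [],
                    report = { loaded: [], refused: [] }) {
  const here = resourceOf(url, url);
  report.loaded.push(here);
  const chain = [...ancestors, here];
  for (const ref of fetchRefs(here)) {
    let target;
    try {
      target = resourceOf(ref, here);
    } catch {
      report.refused.push({ from: here, ref, why: "unparseable" });
      continue;
    }
    if (chain.includes(target)) {
      report.refused.push({ from: here, ref, why: "cycle" });
    } else if (chain.length >= MAX_DEPTH) {
      report.refused.push({ from: here, ref, why: "too deep" });
    } else {
      loadEmbeds(target, fetchRefs, chain, report);
    }
  }
  return report;
}
```
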


