Bugtraq mailing list archives
Re: Object tag crashes Internet Explorer 4.0
From: djsd100 () cam ac uk (David Damerell)
Date: Thu, 6 Aug 1998 10:53:22 +0100
On Tue, 4 Aug 1998, Paul Leach (a Microsoftie) wrote:
The possibility of infinite loops and infinite recursion in HTML has been discussed on the lists before. Trying to detect and prevent them is an instance of the "Turing machine halting" problem, and it is well known among computer scientists to be impossible.
This isn't even remotely true; and isn't made more valid by randomly mentioning the Turing problem (something tells me our Mr. Leach is not a computer scientist himself.) A fairly brute-force approach to their detection would be simply to keep a count of how many times each object had been displayed, and start throwing them away when it exceeded some limit - quite high for, say, images, to allow for the kind of pages with a red button on each bullet point (what I think of this kind of HTML is another matter); quite low for pages of text or framesets - also, establishing an separate upper limit on the overall 'depth' of a given page protects you against the hostile CGI script that serves up the same thing with a million different names. There's probably more sophisticated approaches based on graph theory, but I'm not a mathematician any more. -- David Damerell, Computer Officer, Department of Chemistry, Cambridge Work: djsd100 () cam ac uk Personal: damerell () chiark greenend org uk
Current thread:
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- linux kernel patch - suid procs exec'd with bad 0,1,2 fds Zachary Amsden (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Kragen (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Pavel Kankovsky (Aug 05)
- Re: Object tag crashes Internet Explorer 4.0 David Damerell (Aug 06)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Jeremiah Rothschild (Aug 10)
- Re: Sendmail up to 8.9.1 - mail.local instroduces new class of Scott Stone (Aug 10)
- Network Associates Inc. Advisory (OpenBSD) Security Research Labs (Aug 10)
- Sendmail up to 8.9.1 - mail.local instroduces new class of bugs Michal Zalewski (Jul 09)
- Re: Object tag crashes Internet Explorer 4.0 Alan Cox (Aug 07)
- Description of the Eudora Security Hole Aleph One (Aug 07)
- resend Steve Bellovin (Aug 06)
- Re: resend Casper Dik (Aug 07)
- <Possible follow-ups>
- Re: Object tag crashes Internet Explorer 4.0 Paul Leach (Aug 04)
- Re: Object tag crashes Internet Explorer 4.0 Joe (Aug 05)