MichaelXF
commented
1 year ago You are right. The new behavior will just be an infinite loop as the default countermeasure. I will change this for next update.
Open mini-programmer opened 1 year ago
MichaelXF
commented
1 year ago You are right. The new behavior will just be an infinite loop as the default countermeasure. I will change this for next update.
Le0Developer
commented
1 year ago An infinite loop can be easily stopped by just pressing the "Pause script execution" button in devtools. There are better ways to crash a tab like spamming iframes. (this absolutely kills devtools if it runs for a few seconds)
for(;;) {
let a = document.createElement("iframe");
a.src = "data:,"
document.body.append(a)
}EDIT: edited to replace "/" with data:,, so it doesnt dos your webserver. Lot more effective now too.
fuzzbuck
commented
1 year ago Maybe the countermeasure should be configurable?
Some may want to just pause script execution, and others crash the page..
MichaelXF
commented
1 year ago @fuzzbuck The countermeasures is configurable by setting it a string, it can be a custom callback. This issue is related to the default behavior (no value provided) is incorrect. I like @Le0Developer 's code snippet and it will be the default behavior
I'm not really sure if this should be a feature request or issue When it's supposed to "crash the process" on browser, all it does it run
document.documentElement.innerHTML = '';which doesn't crash anything maybe it could run an infinite loop to actually crash? likefor(;;){while(1){}}