The Anthropic Side Channel (was: How would shallow generators compose with lambda?)
Mark S. Miller
erights at google.com
Sat May 16 11:25:17 PDT 2009
On Fri, May 15, 2009 at 2:26 PM, Brendan Eich <brendan at mozilla.com> wrote:
> [...] but plain old iloop DOS prevention as practiced in browsers
> does *not* reload the page. And the browser APIs are full of ways to detect
> that finallys didn't run, through effects overt and covert.
> [...]
> Just consider iloop DOS prevention as practiced in browsers today: finally
> may not run. That's enough.
Have you tried this lately? In a squarefree shell on several browser I typed in
var x = 8; try { while (true) {} } finally { x = 7; }
Results:
Safari promped. I told it to "stop" scripts. Afterwards, the event was
terminated, but scripts on the page were still able to run. x was 7,
indicating that finallys were executed on the way out.
IE: Similar, but x was 8 indicating that no finallys were run.
FF, Opera, Chrome: That squarefree shell remained hung and I never got
prompted, even after leaving these to run overnight. I am surprised. I
have not heard of this behavior.
--
Cheers,
--MarkM
More information about the es-discuss
mailing list