W3C home > Mailing lists > Public > www-style@w3.org > February 2014

Re: [css-counter-styles] potential abuse of pad

From: Tab Atkins Jr. <jackalmage@gmail.com>
Date: Tue, 25 Feb 2014 10:44:31 -0800
Message-ID: <CAAWBYDAz_xmFeoZ7_sQUvrRdH=63R+N3ntW0-76spRQ1ejF+rw@mail.gmail.com>
To: Xidorn Quan <quanxunzhen@gmail.com>
Cc: www-style list <www-style@w3.org>
On Mon, Feb 24, 2014 at 5:34 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
> On Mon, Feb 24, 2014 at 5:31 PM, Xidorn Quan <quanxunzhen@gmail.com> wrote:
>> On Tue, Feb 25, 2014 at 12:27 PM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
>>> On Fri, Feb 21, 2014 at 9:28 PM, Xidorn Quan <quanxunzhen@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> The spec mentions the potential abuse of some systems. However, it is
>>>> also possible for 'pad' to be abused in a similar way. The total
>>>> characters produced by pad should be limited as well.
>>>>
>>>> Nevertheless, I'm not sure what should happen for a too long pad.
>>>> There are two options:
>>>>
>>>> 1. drop the whole representation, and use the fallback;
>>>> 2. drop symbols until the total length is acceptable.
>>>>
>>>> Personally I prefer the first option though I do not have a strong reason.
>>>
>>> Nope, 'pad' isn't abusable.  It produces representations that don't
>>> depend on the value of the counter, and so is safe.
>>>
>>> That is, I'm fine if you can generate a gig of counter representation
>>> by specifying a gig of descriptor in your stylesheet.  I'm not fine if
>>> you can generate a gig of representation from less than a kilo of
>>> stylesheet.
>>>
>>> 'pad' is basically equivalent in abuse potential to 'content':
>>> "*::before { content: "[long string here]"; }" is basically the same
>>> thing.
>>
>> What about
>>
>> @counter-style { pad: 1000000000 "0"; }
>
> Oh, hrm, you're right.  Okay, I'll add something.

All right, since this warning was spreading around too much, I moved
it to a more centralized location, right after the "generate a
representation" algo.  I called out the values/descriptors that are
potentially problematic.

~TJ
Received on Tuesday, 25 February 2014 18:45:19 UTC

This archive was generated by hypermail 2.3.1 : Monday, 2 May 2016 14:39:19 UTC