- From: Matthew Brealey <webmaster@richinstyle.com>
- Date: Thu, 03 Aug 2000 16:10:22 +0100
- To: www-style@w3.org
Bruno wrote: > > I was just wondering where there or is there any CSS virus? Using the BeCSS proposal it is possible to format your hard drive. This can be achieved by setting as the element's 'behavior' the instantiation of an ActiveX control. ActiveX controls can doing anything - in particular the execution of an external program - such a program might be one that trashes your hard drive's partition tables (only possible on IDE drives). However, this is a problem not limited to CSS, and is really a problem with ActiveX. Strictly within CSS the only thing you can do is crash the browser. I actually started work on a 'gallery' of crash pages, but forgot about it, although I think it's still on my hard drive. I think I got about a dozen. In particular it is very easy to crash Netscape: this will crash ALL versions of Netscape 4.* (under Windows at least) (garbage added to avoid screwing anyone's browsers): <link type="text/css" rel=stylesheet href="http://richinstyle.com/style/all.css"> < dsjflsdfjsdlfjsdlf p class=example> Hello < dsjflsdfjsdlfjsdlfdsjflsdfjsdlfjsdlfdsjflsdfjsdlfjsdlf p class=example> Hello </p> this also does: http://richinstyle.com/test/application/long.html Opera 3.* can be crashed without any great difficulty: <link type="text/css" rel=stylesheet href=samepage.html> or <link type="text/css" rel=stylesheet href=a.css> a.css: @import url(b.css); b.css: @import url(a.css); All versions of Win Opera will put the system in an unusable state (three-fingered salute time) if you create a style sheet that resets every CSS property to default for each element The nascent Konqueror can be crashed without any great difficulty, although the results are never catastrophic. E.g.: http://richinstyle.com/test/color/canvas2.html Linux Opera can also be crashed quite easily. Internet Explorer 4 (i.e. not 4.01) will complete kill the whole system destroying all work and applications (reboot only option) if you use 'clear' in most cases; e.g., http://www.richinstyle.com/bugs/ie4demo.html 4.01 will crash less catastrophically if you are not very gentle with it while opening that same page (i.e. don't attempt to scroll), and with 100% certainty on any attempt to print that page [Plus many more ways to crash: this is just off the top of my head.] In general it is possible to crash almost any browser using CSS, although IE 5 presents a significant challenge: the more complicated the page the better - like early JavaScript hacks and frame loops, most obvious holes have been closed. ----------------------------------- Please visit http://RichInStyle.com. Featuring: MySite: customizable styles. AlwaysWork style Browser bug table covering all CSS2 with links to descriptions. Lists of > 1000 browser bugs Websafe Colorizer CSS2, CSS1 and HTML4 tutorials. CSS masterclass CSS2 test suite: 5000++ tests and 300+ test pages.
Received on Thursday, 3 August 2000 11:11:04 UTC