Re: [css-counter-styles] potential abuse of pad from Xidorn Quan on 2014-02-25 (www-style@w3.org from February 2014)

From: Xidorn Quan <quanxunzhen@gmail.com>
Date: Wed, 26 Feb 2014 08:16:28 +1100
To: "Tab Atkins, Jr." <jackalmage@gmail.com>
Cc: www-style list <www-style@w3.org>
Message-ID: <CAMdq698Fxpx5mwgdJH7pb_47BkAuSyw+XgYO0k=heZOKijD8pA@mail.gmail.com>

On Feb 26, 2014 5:44 AM, "Tab Atkins Jr." <jackalmage@gmail.com> wrote:
>
> On Mon, Feb 24, 2014 at 5:34 PM, Tab Atkins Jr. <jackalmage@gmail.com>
wrote:
> > On Mon, Feb 24, 2014 at 5:31 PM, Xidorn Quan <quanxunzhen@gmail.com>
wrote:
> >> On Tue, Feb 25, 2014 at 12:27 PM, Tab Atkins Jr. <jackalmage@gmail.com>
wrote:
> >>> On Fri, Feb 21, 2014 at 9:28 PM, Xidorn Quan <quanxunzhen@gmail.com>
wrote:
> >>>> Hi,
> >>>>
> >>>> The spec mentions the potential abuse of some systems. However, it is
> >>>> also possible for 'pad' to be abused in a similar way. The total
> >>>> characters produced by pad should be limited as well.
> >>>>
> >>>> Nevertheless, I'm not sure what should happen for a too long pad.
> >>>> There are two options:
> >>>>
> >>>> 1. drop the whole representation, and use the fallback;
> >>>> 2. drop symbols until the total length is acceptable.
> >>>>
> >>>> Personally I prefer the first option though I do not have a strong
reason.
> >>>
> >>> Nope, 'pad' isn't abusable.  It produces representations that don't
> >>> depend on the value of the counter, and so is safe.
> >>>
> >>> That is, I'm fine if you can generate a gig of counter representation
> >>> by specifying a gig of descriptor in your stylesheet.  I'm not fine if
> >>> you can generate a gig of representation from less than a kilo of
> >>> stylesheet.
> >>>
> >>> 'pad' is basically equivalent in abuse potential to 'content':
> >>> "*::before { content: "[long string here]"; }" is basically the same
> >>> thing.
> >>
> >> What about
> >>
> >> @counter-style { pad: 1000000000 "0"; }
> >
> > Oh, hrm, you're right.  Okay, I'll add something.
>
> All right, since this warning was spreading around too much, I moved
> it to a more centralized location, right after the "generate a
> representation" algo.  I called out the values/descriptors that are
> potentially problematic.

There is one small problem: 'pad' will not generate representation with
size linear to the counter value. The size of pad is to some extent
constant.

It might be better to say, with size linear to a value specified by author.

- Xidon

Received on Tuesday, 25 February 2014 21:16:55 UTC