Re: [css-counter-styles] length of prefix, suffix, and negative should be limited

On Tue, Mar 11, 2014 at 8:18 AM, Tab Atkins Jr. <> wrote:
> On Sun, Mar 9, 2014 at 3:02 AM, Xidorn Quan <> wrote:
>> Since the string in such descriptors will be multipled by the number
>> of ordinals to be displayed, it could be easy to consume a large
>> amount of memory and time even when the total page size is not too
>> large. For example, if prefix is a string of 100,000 characters, and
>> there is 25,000 numbers to be displayed. The size of page is just
>> several hundred kilobytes, but could consume 2GB memory to compute it.
>> Hence I propose that the length of all these fields should be limited.
>> A too long string for them could be dropped directly in parsing stage.
> This is equivalent to "*::before { content: '[100k characters here]';
> }", and so it's not something we should need to address specially in
> Counter Styles.  It can produce outsize documents, but it's still only
> linear with the document size, and so doesn't need special care.  The
> purpose of the restrictions so far is mostly to protect authors
> against accidental misuse, not users; authors can always blow up or
> lock up a page with a trivial JS loop.

Yes, it is equivalent to ::before. But it has to be emphasized that it
is not linear with the document size, it is quadratic.

It's true that author can always freeze a page with a infinite js
loop, but a slow js program could be detected and stopped by js
engine, while it is harder to detect such code in renderer.

- Xidorn

Received on Monday, 10 March 2014 22:32:10 UTC