Re: [css-counter-styles] length of prefix, suffix, and negative should be limited

On Mon, Mar 10, 2014 at 3:31 PM, Xidorn Quan <quanxunzhen@gmail.com> wrote:
> On Tue, Mar 11, 2014 at 8:18 AM, Tab Atkins Jr. <jackalmage@gmail.com> wrote:
>> On Sun, Mar 9, 2014 at 3:02 AM, Xidorn Quan <quanxunzhen@gmail.com> wrote:
>>> Since the string in such descriptors will be multiplied by the number
>>> of ordinals to be displayed, it could be easy to consume a large
>>> amount of memory and time even when the total page size is not too
>>> large. For example, if prefix is a string of 100,000 characters, and
>>> there are 25,000 numbers to be displayed. The size of page is just
>>> several hundred kilobytes, but could consume 2GB memory to compute it.
>>>
>>> Hence I propose that the length of all these fields should be limited.
>>> A too long string for them could be dropped directly in parsing stage.
>>
>> This is equivalent to "*::before { content: '[100k characters here]';
>> }", and so it's not something we should need to address specially in
>> Counter Styles.  It can produce outsize documents, but it's still only
>> linear with the document size, and so doesn't need special care.  The
>> purpose of the restrictions so far is mostly to protect authors
>> against accidental misuse, not users; authors can always blow up or
>> lock up a page with a trivial JS loop.
>
> Yes, it is equivalent to ::before. But it has to be emphasized that it
> is not linear with the document size, it is quadratic.

No, it's linear in the document size, assuming a constant 'content'/etc size.

> It's true that author can always freeze a page with an infinite js
> loop, but a slow js program could be detected and stopped by js
> engine, while it is harder to detect such code in renderer.

You're allowed to fail earlier, via the general resource exhaustion
clause.  Where exactly you fail is implementation-dependent.

~TJ

Received on Monday, 10 March 2014 22:37:43 UTC
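
The cost model discussed in this thread, as an added example that is not part of the original messages or of any browser's code: it counts the marker text generated from a long `prefix`, compares growth when only the item count doubles with growth when prefix length and item count both double, and applies a character budget of the fail-early kind the resource exhaustion clause permits. All function names, the `<li></li>` per-item size and the 10,000,000-character budget are assumptions made for illustration.

```javascript
// Added illustration, not browser or spec code. All names are hypothetical.
// Models a decimal counter style with 'prefix', 'suffix' and 'negative'.

// Characters of marker text generated for one counter value.
function markerLength(style, value) {
  const digits = String(Math.abs(value)).length;
  const negative = value < 0 ? style.negative.length : 0;
  return style.prefix.length + negative + digits + style.suffix.length;
}

// Approximate source size: descriptors are written once, each item is "<li></li>".
function sourceBytes(style, items) {
  return style.prefix.length + style.suffix.length + style.negative.length +
    items * "<li></li>".length;
}

// Sum generated marker characters item by item and stop at the first item
// that pushes the total past the budget, before any text is allocated.
function layoutWithBudget(style, items, budgetChars) {
  let generated = 0;
  for (let i = 1; i <= items; i++) {
    generated += markerLength(style, i);
    if (generated > budgetChars) return { ok: false, stoppedAt: i, generated };
  }
  return { ok: true, stoppedAt: items, generated };
}

// Constructed style: prefix length is the only parameter that varies.
function makeStyle(prefixLength) {
  return { prefix: "x".repeat(prefixLength), suffix: ". ", negative: "-" };
}

// Growth of generated text when the source changes from (p1, n1) to (p2, n2).
function growth(p1, n1, p2, n2) {
  const before = layoutWithBudget(makeStyle(p1), n1, Infinity).generated;
  const after = layoutWithBudget(makeStyle(p2), n2, Infinity).generated;
  return after / before;
}

const thread = makeStyle(100000); // figures from the thread: 100,000 chars, 25,000 items
console.log("source bytes:", sourceBytes(thread, 25000));
console.log("generated chars:", layoutWithBudget(thread, 25000, Infinity).generated);
console.log("items doubled:", growth(100000, 25000, 100000, 50000).toFixed(2));
console.log("prefix and items doubled:", growth(100000, 25000, 200000, 50000).toFixed(2));
console.log("10M-char budget:", layoutWithBudget(thread, 25000, 1e7));
```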