function f() {
document.body.appendChild(document.createElement(’div’));
setTimeout(f, 0);
setTimeout(f, 0);
}
f();

And I’ve seen ajax applications that had more or less this exact code, cutting off the recursion after some point. The problem is telling on the browser side whether they plan to do that or not (if wanting to only block malicious pages). Of course imposing resource limits in general would work, but it would also limit the scope of what webapps can do. That might be a good thing, of course.

And it used full CPU on FF2, Opera, and FF3 beta, though Opera remained fairly responsive so I could close the tab. FF2 froze quickly. FF3 was unresponsive but did not freeze after about 15 seconds so I could still close the tab, though it took several seconds to actually close it.

Firefox does give you a prompt for scripts that take longer than usual to execute (like applying DHTML affects by DOM on a huge page), but this DOS is something of a different nature.

(and SpamBam doesn’t seem to like FF3

I like having sensible discussions but comparing ajax applications to the code sample is silly. Browsers should protect against this stuff! Opera for example has a much better security model than Firefox.

“you shouldn’t be able to make the browser crash when visiting a web page” would be nice, but in practice it’s easy to cause runaway resource usage in all sorts of different ways. And telling apart runaway resource usage from a resource-intensive webapp involves reading the script author’s mind, in general.

Now perhaps browsers should be able to impose CPU/memory quotas on sites. That’s being thought about, but it’s not so easy to retrofit onto an existing browser; you really want to design with that in mind. Sadly, no one did.

You are talking rubbish, I like to hack things and you shouldn’t be able to make the browser crash when visiting a web page. If you don’t like what I write then please visit Fox news instead, they should provide you with the “news” you’re looking for.

Now please go and troll somewhere else.