On Tue, 4 Aug 1998, Paul Leach wrote: > I meant the variant of HTML that includes object tags and J-Script/VB-Script > that has conditional statements and recursion -- which is enough to make it > Turing complete. If the precise name of that is DHTML, it's not relevant -- > as far as users are concerened it's stuff in web pages that nearly all > browsers know how to and will execute and will throw it into a > non-terminating computation -- which makes it "HTML" as far as they are > concerned. <RANT> Oh give me a break. This is not a "variant of HTML", this -IS- HTML as laid down by the W3C spec. Terminology -is- relevant because no one on this list is the typical "user". More importantly, what we are discussing here is most certainly NOT "stuff in web pages". IT'S INPUT - NOTHING MORE, NOTHING LESS. The First Deadly Sin of Programming: Trusting user input. Web browsers should consider ALL web content to be nothing more than user input and should have built in checks against improper or illogical input - just like any properly written program will. Instead, the browser manufacturers tend to treat this "stuff in web pages" as if it were gospel or worse, source code. (*shudder*). Although CLASSID may be used to specify the location of an object's implementation via a URI, does it make sense to point the browser to an object contained within the same URI as the calling resource? No - it doesn't - so the CLASSID=#<anything> should be ignored. Granted, this violates the spec since a relative anchor is a valid URI - but violating the spec has never been a problem for the browser makers so why start worrying now? This is NOT a "Turing machine halting" or infinite recursion problem. The problem in this case lies somewhere between the keyboard and the brain of the programmer that wrote the chunk of code in IE that accepts CLASSID=#<anything> as valid -input-. Write clean code, stop trusting input, and once you've done that THEN you can get pissy about terminology. Until then your defense of this bug is ludicrous. </RANT> > > > -----Original Message----- > > From: kragenat_private [mailto:kragenat_private] > > Sent: Tuesday, August 04, 1998 2:37 PM > > To: Paul Leach > > Cc: BUGTRAQat_private > > Subject: Re: Object tag crashes Internet Explorer 4.0 > > > > > > On Tue, 4 Aug 1998, Paul Leach wrote: > > > The possibility of infinite loops and infinite recursion in > > HTML has been > > > discussed on the lists before. Trying to detect and prevent > > them is an > > > instance of the "Turing machine halting" problem, and it is > > well known among > > > computer scientists to be impossible. > > > > Certainly not. HTML is not Turing-complete. In fact, detecting and > > preventing infinite loops and recursion in HTML simply requires > > traversing a directed acyclic graph and determining that it is, in > > fact, acyclic. This is simple. > > > > Perhaps you're thinking of DHTML. Or perhaps you're thinking of some > > kind of evil, twisted web server that serves up the same page under an > > infinite number of different names, each modified to include a frame > > reference to that page under a different name. > > > > Kragen > > > -- Joe H. Technical Support General Support: supportat_private Blarg! Online Services, Inc. Voice: 425/401-9821 or 888/66-BLARG http://www.blarg.net
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:28 PDT