避免任意eval中的无限循环(user_code) [英] Avoiding an Infinite Loop in Arbitrary eval(user_code)
问题描述
大家好,
我希望用户能够在文本框中评估代码。但是,如果他意外地键入了b $ b,而(1){i = 0; }"并点击跑,我也想要他
能够点击一个停止按钮,这样他的浏览器就不会进入
一个无限的,精神崩溃的,接口锁定循环。停止按钮
不需要立即响应,但当然更好
响应更好。
写一个javascript-in-javascript解释器,有没有
的方法呢? Caja能做出这种事吗?我是否需要
来限制自己使用Gears +线程来执行此操作?
感谢您的帮助,
Bill Mill
bi*******@gmail.com
Bill Mill schreef:
大家好,
我想拥有能够在文本框中评估代码的用户。但是,如果他意外地键入了b $ b,而(1){i = 0; }"并点击跑,我也想要他
能够点击一个停止按钮,这样他的浏览器就不会进入
一个无限的,精神崩溃的,接口锁定循环。停止按钮
不需要立即响应,但当然更好的b / b
响应更好。
比尔,
我的Firefox注意到长时间运行的脚本并提供在
$ b之后中止它们$ b while。
您使用的浏览器是什么?
问候,
Erwin Moller
>
没有写javascript-in-javascript解释器,有没有
的方法呢? Caja能做出这种事吗?我是否需要
来限制自己使用Gears +线程来执行此操作?
感谢您的帮助,
Bill Mill
bi******* @ gmail.com
4月23日,07:29,Erwin Moller
< Since_humans_read_this_I_am_spammed_too_m ... @ spam yourself.com
比尔,
我的Firefox注意到长时间运行的脚本并提供在
之后中止它们。
你用什么浏览器使用?
当然OP使用的浏览器与此无关。
问题是任意用户使用的浏览器?
Bill Mill写道:
我希望用户能够在文本框中评估代码。但是,如果他意外地键入了b $ b,而(1){i = 0; }"并点击跑,我也想要他
能够点击一个停止按钮,这样他的浏览器就不会进入
一个无限的,精神崩溃的,接口锁定循环。停止按钮
不需要立即响应,但当然更好
响应更好。
写一个javascript-in-javascript解释器,有没有
的方法呢?
到目前为止,ECMAScript的实现是单线程的,而且还有一个算法要编写一个通用的解决方案暂停问题。
http://en.wikipedia.org / wiki / Halting_problem
您将不得不依赖用户的用户代理来识别无响应的
脚本,并且为用户提供这样的对话窗口,如基于Gecko的UAs
(例如Mozilla Firefox)。
Caja是否进行此类排序有可能吗?
我不这么认为:
http://code.google.com/p/google-caja/wiki/AttackVectors
下次请详细说明。
我是否需要限制自己使用Gears +线程来执行此操作?
从未听说过这些。
PointedEars
-
现实主义: HTML 4.01严格
福音:XHTML 1.0严格
疯狂:XHTML 1.1 as application / xhtml + xml
- Bjoern Hoehrmann
Hello all,
I want to have a user able to eval code in a text box. However, if he
accidentally types "while(1) { i=0; }" and hits "run", I also want him
to be able to hit a stop button such that his browser does not go into
an infinite, soul-crushing, interface-locking loop. The stop button
would not need to be instantly responsive, but of course the more
responsive the better.
Short of writing a javascript-in-javascript interpreter, is there any
way to do so? Does Caja make this sort of thing possible? Will I need
to restrict myself to Gears+threads to do this?
Thanks for any help,
Bill Mill
bi*******@gmail.com
Bill Mill schreef:Hello all,
I want to have a user able to eval code in a text box. However, if he
accidentally types "while(1) { i=0; }" and hits "run", I also want him
to be able to hit a stop button such that his browser does not go into
an infinite, soul-crushing, interface-locking loop. The stop button
would not need to be instantly responsive, but of course the more
responsive the better.Hi Bill,
My Firefox notices long running scripts and offers to abort them after a
while.
What browser are you using?
Regards,
Erwin Moller
>
Short of writing a javascript-in-javascript interpreter, is there any
way to do so? Does Caja make this sort of thing possible? Will I need
to restrict myself to Gears+threads to do this?
Thanks for any help,
Bill Mill
bi*******@gmail.com
On 23 Apr, 07:29, Erwin Moller
<Since_humans_read_this_I_am_spammed_too_m...@spam yourself.comHi Bill,
My Firefox notices long running scripts and offers to abort them after a
while.
What browser are you using?Surely what browser the OP is using has no bearing on this. The
question is what browser will the arbitrary user be using?
Bill Mill wrote:I want to have a user able to eval code in a text box. However, if he
accidentally types "while(1) { i=0; }" and hits "run", I also want him
to be able to hit a stop button such that his browser does not go into
an infinite, soul-crushing, interface-locking loop. The stop button
would not need to be instantly responsive, but of course the more
responsive the better.
Short of writing a javascript-in-javascript interpreter, is there any
way to do so?No. ECMAScript implementations so far are single-threaded, and there is yet
an algorithm to be written for a universal solution of the Halting Problem.
http://en.wikipedia.org/wiki/Halting_problem
You will have to rely on the user''s user agent to recognize a not-responding
script, and provide the user with such a dialog window, as Gecko-based UAs
(e.g. Mozilla Firefox) do.
Does Caja make this sort of thing possible?I don''t think so:
http://code.google.com/p/google-caja/wiki/AttackVectors
Please be more verbose next time.
Will I need to restrict myself to Gears+threads to do this?Never heard of those.
PointedEars
--
realism: HTML 4.01 Strict
evangelism: XHTML 1.0 Strict
madness: XHTML 1.1 as application/xhtml+xml
-- Bjoern Hoehrmann
这篇关于避免任意eval中的无限循环(user_code)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
