Javascript security experiments

I’ve been reading an old article (2004) on JavaScript security and decided to try out some of the security issues it outlines, to see how the new generation of browsers deals with simple security issues. In particular, I wanted to see how each major browser handled recursion and loops that simply use up memory.

Recursion experiment

I ran the following experiment on Vista and Mac OS 10.4 in Opera 9.1 and Firefox 2.0.0.1, and in IE7, to see how many recursive calls it would allow before it (a) crashed, or (b) ran out of the memory space allocated for that web page:

var count = 0;
// tag() and you_are_it() call each other without end; every tag() call
// writes the current count, so the last number printed is the depth reached.
function tag() {
    document.write(count++ + " ");
    you_are_it();
}
function you_are_it() { tag(); }
tag();

Results

Opera 9.1
  PC: 1668 (throws no exception)
  Mac: 1672 (throws no exception)
IE7
  1275 (if not caught by a try block it displays an unfriendly pop-up saying “out of memory on line: 5”)
Firefox 2.0.0.1
  Mac and PC: 499 (throws exception: “InternalError: too much recursion”)

try it (the JavaScript will be executed from your browser’s address bar)

Recursion conclusion

I’m not sure if IE is actually running out of memory (maybe its recursion stack is overflowing). It seems to me that it has simply been restricted to 2551 recursive calls. Firefox seems to be limited to 1000 recursive calls. Unlike the other two browsers, Opera locks up for a bit, then comes back. If you vary the size of the string written by document.write it also behaves somewhat erratically, letting you do 3335 recursive calls.

Memory tests

I ran the following code on the same browsers, with upsetting results. IE locked up Windows Vista and it took me about 5-10 minutes to be able to force IE to quit. Firefox quickly jumped from using 130Mb to about 560Mb and then threw an out-of-memory exception. However, when I hit refresh to do the experiment again it locked up Vista and again took me about 5-10 minutes to close Firefox. I ran the experiment again, but this time I had the task manager open, ready to kill the processes. The same thing happened again. Opera, on the other hand, threw an “Object too big” exception straight away. Its memory footprint did not go up at all.

Code

// The string doubles in size on every pass, so memory use grows
// exponentially until the browser either runs out or refuses the allocation.
var adiosAmigo = "Sayanora, sucker.";
while (true) {
    adiosAmigo += adiosAmigo;
}

Conclusion

IE7 does not deal with memory hogs very well. Firefox tries to, but alas it is not as graceful as Opera.
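As an added example (not code from the original post), here are the same two experiments rewritten so that they always terminate: the mutual recursion is wrapped in try/catch and reports the depth at which the engine throws, and the string-doubling loop is bounded by a character budget instead of running until the browser gives up. The function names measureRecursionDepth and doubleUntil are my own; the example assumes a modern engine that throws a RangeError on stack overflow (Firefox 2 reported “InternalError: too much recursion” instead).

```javascript
// Added example, not from the original post. Assumes a modern engine that
// throws RangeError on stack overflow (old Firefox used InternalError).

// Mutual recursion, as in the first experiment, but the overflow is caught
// and the depth reached is returned instead of being document.write()'d.
function measureRecursionDepth() {
  let depth = 0;
  function tag() { depth++; youAreIt(); }   // the tag / you_are_it pair from the post
  function youAreIt() { tag(); }
  try {
    tag();
  } catch (e) {
    return { depth, error: e.name };         // "RangeError" in V8 and SpiderMonkey
  }
  return { depth, error: null };             // only if the engine never throws
}

// String doubling, as in the second experiment, but bounded by a character
// budget so it stops before the engine has to refuse the allocation.
function doubleUntil(limitChars) {
  let s = "Sayonara, sucker.";               // constructed seed, 17 characters
  let iterations = 0;
  while (s.length * 2 <= limitChars) {
    s += s;                                   // size doubles on every pass
    iterations++;
  }
  return { iterations, length: s.length };
}

console.log("recursion:", measureRecursionDepth());
console.log("doubling to 1 MiB of characters:", doubleUntil(1 << 20));
```

The recursion depth reported varies by engine, stack size and frame size, which is exactly the spread between browsers seen in the results above.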

2 thoughts on “Javascript security experiments”

  1. Since this JavaScript can be wrapped in the source for an image, a rollover can trigger this beast. Has MS responded?
    e.g. picture1.src = “javascript:var etc…
