I have a editor whereby users can input their javascript and it displays their output. But I want a safety condition to stop them being able to accidentally create an infinite loop. The issue is I really don't want to parse the code and look for any loops and then add extra conditions. What I'm hoping for is a prebuilt function that cancels itself after a certain amount of memory, to avoid the browser crashing. I am unsure how to do this however.
Asked
Active
Viewed 1,060 times
2
-
I think this one can help you: http://www.nczonline.net/blog/2009/05/19/javascript-stack-overflow-error/ it explain what hapen when you create infinite loop and how to handle this (by browser) – Mr Jedi Dec 28 '14 at 20:10
-
1@MrJedi That's pretty much irrelevant. `while(true) { }` will not raise an error you can handle. – user229044 Dec 28 '14 at 20:11
3 Answers
3
JS BIN runs an open source project named loop-protect you can use that, it's easy to implement.
shyammakwana.me
- 5,562
- 2
- 29
- 50
-
Neat. I was unaware of loop-protect. Unfortunate that it doesn't handle recursion. – Matt Ball Dec 28 '14 at 20:12
-
yeah, there is [Esprima](http://esprima.org/) JavaScript parser with help of that it's possible. – shyammakwana.me Dec 28 '14 at 20:15
-
Seems less important for infinite recursion situations since the script will fail after only a moment with a too much recursion error, so it won't crash or freeze the browser. – six fingered man Dec 28 '14 at 20:17
-
The OP did say _"I really don't want to parse the code and look for any loops and then add extra conditions."_ – Matt Ball Dec 28 '14 at 20:22
-
OP is hoping for prebuilt function that stops after certain amount of memory, I don't think there's prebuilt like this in JS, so I just suggested. – shyammakwana.me Dec 28 '14 at 20:24
1
There is no general way to do this in JavaScript itself because JavaScript in the browser is single-threaded.* If a "hostile" script never yields then your code won't get a chance to run – to kill the user's script.
In some cases the runtime can do this for you – Internet Explorer is notorious for its obnoxious error messages but I'm not aware of any platform-agnostic way to request such protection from the environment.
* ignoring web workers, which are not relevant to the discussion since message handling occurs in the main "thread" anyway.
0
The cleanest solution is probably to interpret the JavaScript. That's how http://repl.it does it ((http://repl.it/help).), and there's really nice feedback when you do infinite loops. var f=function(){f();};f(); produces this output: RangeError: Maximum call stack size exceeded.
JS-interpreter seems to be interpreting the JavaScript with Acorn JS, and you might be able to add detection for infinite loops: https://github.com/NeilFraser/JS-Interpreter
Another option is to use Web Workers (https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/basic_usage):
Move the users' scripts into Web workers using something on the server side. You could also use data URIs like in this MDN example: https://developer.mozilla.org/en-US/docs/Web/API/Web_Workers_API/Advanced_concepts_and_examples. However, the data URIs won't work in IE due to security restrictions (http://caniuse.com/#feat=datauri).
Override
console.log,alertor anything else users need in order to get feedback from their scripts in order to convert them into Web worker messages.Kill each Web worker after a pre-set amount of time.
Max Heiber
- 14,346
- 12
- 59
- 97