The hyper corrective browser

Publish date:

I just had a discussion via Twitter about the desired behavior of browsers during an endless javascript loop (e.g. while(true){alert(“test”);}). One of my friends suggested that browsers should correct this kind of code. Browsers should do this in order to prevent endless loops that crash you browser or your operating system. This really sounds horrible […]

I just had a discussion via Twitter about the desired behavior of browsers during an endless javascript loop (e.g. while(true){alert(“test”);}). One of my friends suggested that browsers should correct this kind of code. Browsers should do this in order to prevent endless loops that crash you browser or your operating system.

This really sounds horrible to me. Whenever I write code I would like to see it executed the way I wrote it, not the way I could have probably thought about it that it should work. If I write lousy code, let the browser crash, let my operating system crash and probably I will learn something of it. In the worst case even valid code could be corrected by the browser since it could match a pattern that is used to filter invalided code blocks. That would be a real developers nightmare: hyper correcting browsers that are adjusting valid code blocks combined with all current known specific browser quirks.

However this hyper correcting behavior could make the web even more insecure. Microsoft will probably implement some protection in Internet Explorer 8, at first sight this is pretty nice, however there are quite some (amateur) developers that ‘test’ their websites in only one browser. After testing it in e.g. Internet Explorer 8 it assumed save and published on the Internet. However when using a different browser XSS is still possible and the visitor can still be harmed by these kind of attacks.

With all these hyper corrections you will be in the end only safe on the Internet depending on what browser you use. This is incorrect you should always be safe on the Internet no matter what browser you use. The developer is responsible for the security /usability of his web page/ application, not the browser! The browser should only be supportive to visit and use this page / application.

Related Posts

Cybersecurity

Capgemini Named a MSSP Leader in Everest Group Report

Geert van der Linden
Date icon September 6, 2021

Capgemini has continued to make significant investments to ensure its customers are able to...

Cybersecurity

Cybersecurity: the linchpin of sustainable infrastructure

Geert van der Linden
Date icon July 7, 2021

It’s critical that infrastructure organizations mitigate these risks by placing cybersecurity...

Cybersecurity

Malware: Bad for business and the environment

Geert van der Linden
Date icon June 28, 2021

Ensure your business is secure and quick to respond in the event of a breach.