Interesting experiment, I iframed the url of the page that I was on, thereby it containing the iframe and loading the page which contained the ifram and loaded the page which contained the iframe... This didn't seem to max out at any point. Tried this on Firefox 6 and it seemed to have a depth limit of 9 before it no longer created iframes withi itself.
I'm not sure what the requested action on this bug is. Would you like to suggest for WebKit to add iframe nesting depth limit?
(In reply to comment #1) > I'm not sure what the requested action on this bug is. Would you like to suggest for WebKit to add iframe nesting depth limit? Depth limit would help, right?
Are you aware of any Web sites that work incorrectly due to us not having a depth limit?
(In reply to comment #3) > Are you aware of any Web sites that work incorrectly due to us not having a depth limit? Not that I know of, but if this 'bug' were more widely known could you envision someone exploiting it?
It would save some back and forth if you were more specific about the problem. The word "exploit" is usually associated with security exploits - are you saying that there is one? If so, please mark the bug as security sensitive, and explain why. Otherwise, what is the problem with displaying nested iframes?
(In reply to comment #5) > It would save some back and forth if you were more specific about the problem. > > The word "exploit" is usually associated with security exploits - are you saying that there is one? If so, please mark the bug as security sensitive, and explain why. > > Otherwise, what is the problem with displaying nested iframes? There is no problem displaying with displaying nested iframes, but why would you need an 'unlimited' amount of them? If I were trying to create a security/performance issue i could open hundreds of nested iframes displaying the parent page with the contained iframe inside, which I did. CPU spiked (Quad core 3.2ghz) to between 80-90%, RAM usage started climbing from 3gb to 6gb in the space of 5 minutes... I can script something that would kill a browser in javascript fine, but to do this just by using HTML and creating an infinite loop of iframes seems too easy, and easily preventable by just having a nesting depth.
Thanks, just trying to make sure that I didn't miss something important.
(In reply to comment #7) > Thanks, just trying to make sure that I didn't miss something important. No problem. :)
rdar://101560112
*** Bug 248832 has been marked as a duplicate of this bug. ***
Pull request: https://github.com/WebKit/WebKit/pull/7219
Committed 257550@main (65071a674a05): <https://commits.webkit.org/257550@main> Reviewed commits have been landed. Closing PR #7219 and removing active labels.