Sometimes we run into whacky bugs when we're trying to build semi-large so-called rich web applications. Take this bit of HTML:

<img src="path/to/something/that/is/not/there" onerror="this.src = '/path/to/something/else/not/there'"/>

What would you think is the proper way to handle this? The problem is this: The image src points to an image that doesn't exist so an error event is triggered. When the error event is triggered the onerror handler is invoked, once again setting the image src to an image that isn't there.

Seems mostly harmless right? Not so fast. Here's a break down on the browsers I've tested this with:

• (Win)Chrome 2 beta/WebKit: No adverse effects
• (Mac)Safari 3.1/WebKit: No adverse effects
• (Mac)Firefox 3.x: Pegs CPU at 100%
• (Win)IE7: Alerts: Stack overflow at line: 0

If you are daring you can try it yourself right here.

How annoying. How should this be dealt with? I personally believe the WebKit approach is the best. It simply recognizes the fallacy and considers it a broken image, which it is. The Firefox approach is mind boggling. What's really weird is that it doesn't seem to even try to load the image more than once, so it does (somehow, probably internal caching or some such strategy) recognize that the image isn't there yet it gets into an infinite loop trying to load it anyway. It's nice to see that Firefox doesn't get caught up in a stack overflow which indicates that the onerror event is actually scheduled rather than invoked immediately as it is in the IE7 case. But it still falls short.

Tracking this down in obfuscated javascript code was no easy feat. I just lost two days of my life trying to figure this bloody thing out. It also stands as a reminder that you can't keep people out of your code by obfuscating it so why bother trying? Silly, silly people.

Now I'm off to search mozilla bugzilla to see if this has been reported and if so, what the current status is. Given that this has DoS potential I'd hate to see it continue to thrive.

Well, after several months offline I finally put this back up at Site 5. Been so bloody busy the past few months that bringing back my little space here has just been way down on the list of priorities.

Can't say there is a whole lot to really report though I am learning Erlang, Haskell, and Clojure as time permits. All three are excellent languages. Clojure and Erlang keep me the most interested but Haskell has a sort of beauty about it that keeps drawing me back.

More on these later!