Why does a self-referencing iframe not infinitely loop and crash my machine?


Html Problem Overview


I created a simple HTML page with an iframe whose src attribute references the containing page -- in other words a self-referencing iframe.

this.html

<html>
<head></head>
<body>
<iframe src="this.html"></iframe>
</body>
</html>

Why does this not infinitely loop and crash my browser? Also, why doesn't even IE crash at this?

(Note: This spawned from a team discussion on the virtues and demerits of using iframes to solve problems. You know, the 'mirror of a mirror' sort.)

Html Solutions


Solution 1 - Html

W3C took care of that in 1997 explaining how frames should be implemented in "Implementing HTML Frames":

> Any frame that attempts to assign as its SRC a URL used by any of its ancestors is treated as if it has no SRC URL at all (basically a blank frame).


Iframe recursion bug/attack history

As kingdango found out and mentioned in the comment above, one browser that failed to implement a safeguard for this was Mozilla in 1999. Quote from one of the developers:

> This is a parity bug (and a source of possible embarrassment) since MSIE5 doesn't have a problem with these kinds of pages.

I decided to dig some more into this and it turns out that in 2004 this happened again. However, this time JavaScript was involved:

> This is the code, what causes it:
> <iframe name="productcatalog" id="productcatalog" src="page2.htm"></iframe>
> directly followed by a script with this in it:
> frames.productcatalog.location.replace(frames.productcatalog.location + location.hash);
>
> ...
>
> Actual Results: The parent window gets recursively loaded into the iframe, resulting sometimes in a crash.
>
> Expected Results: Just show it like in Internet Explorer.

Then again in 2008 with Firefox 2 (this also involved JavaScript).

And again in 2009. The interesting part here is that this bug is still open and this attachment: https://bugzilla.mozilla.org/attachment.cgi?id=414035 (will you restrain your curiosity?) will still crash/freeze your Firefox (I just tested it and I almost crashed the whole Ubuntu). In Chrome it just loads indefinitely (probably because each tab lives in a separate process).


As for the other browsers:

  • In 2005 Konqueror had a bug in its safeguard that allowed iframes to be rendered one inside another (but it seems that somehow it wasn't freezing/crashing the whole app).

  • IE6, Opera 7.54 and Firefox 0.9.3 are also reported to be susceptible to attacks based on iframe recursion.

Solution 2 - Html

I'd like to add a little something to the "Also, why doesn't even IE crash at this?" part of the question. IE does not let us down...

If you add a simple iteration number as a query string to the nested iFrame's src, Firefox and others will just stop after a certain iteration depth. IE - and we tested this with IE version 10 - just crashes :)

this.php

<html>
<head></head>
<body>
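<!-- q is cast to an integer and incremented, so every nested frame gets a new URL -->
<iframe src="this.php?q=<?php echo (isset($_GET['q']) ? (int)$_GET['q'] : 1) + 1; ?>"></iframe>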
</body>
</html>

Solution 3 - Html

IE 6.0 can crash without script:

<iframe src="this.html?c=9"></iframe>

I'm not sure why this doesn't trigger loop detection nor if it's changed though.
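
The safeguards discussed in the answers above, modelled as an added example (not code from the original posts or from any browser): the W3C ancestor rule stops the plain self-reference and the fixed `?c=9` variant, while the counter variant from this.php gets past it and is stopped only by a depth cap. `simulateNesting`, `pageSrc`, `MAX_DEPTH`, the fragment-stripping comparison and the `example.test` URLs are assumptions of this sketch.

```javascript
const MAX_DEPTH = 10; // constructed cap; real browsers choose their own limit

// Resolve a src against its parent and drop the fragment (assumption of this model).
function normalize(url, base) {
  const u = new URL(url, base);
  u.hash = "";
  return u.href;
}

// pageSrc(url) is a hypothetical stand-in for "fetch the page at url and
// return the src of the iframe it contains" (null if it has none).
function simulateNesting(startUrl, pageSrc, { ancestorCheck = true, maxDepth = MAX_DEPTH } = {}) {
  const ancestors = [normalize(startUrl)];
  for (;;) {
    const current = ancestors[ancestors.length - 1];
    const src = pageSrc(current);
    if (src == null) return { frames: ancestors.length - 1, stoppedBy: "no-iframe" };
    const child = normalize(src, current);
    // W3C 1997 rule: a SRC already used by an ancestor is treated as no SRC.
    if (ancestorCheck && ancestors.includes(child)) {
      return { frames: ancestors.length - 1, stoppedBy: "ancestor-check" };
    }
    // Fallback for URLs that are never repeated: refuse to nest past the cap.
    if (ancestors.length - 1 >= maxDepth) {
      return { frames: ancestors.length - 1, stoppedBy: "depth-cap" };
    }
    ancestors.push(child);
  }
}

// Constructed models of the three pages shown in the question and answers.
const selfRef = () => "this.html";            // <iframe src="this.html">
const fixedQuery = () => "this.html?c=9";     // <iframe src="this.html?c=9">
const counter = (url) => {                    // this.php: q defaults to 1, then +1
  const q = Number(new URL(url).searchParams.get("q") ?? 1) + 1;
  return `this.php?q=${q}`;
};

function demo() {
  return {
    selfRef: simulateNesting("http://example.test/this.html", selfRef),
    fixedQuery: simulateNesting("http://example.test/this.html", fixedQuery),
    counter: simulateNesting("http://example.test/this.php", counter),
  };
}

console.log(demo());
```

In this model the ancestor comparison alone never fires for the counter page because each nested URL is new, which is why a loader also needs a nesting limit.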

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content Type | Original Author | Original Content on Stackoverflow
Question | kingdango | View Question on Stackoverflow
Solution 1 - Html | Konrad Dzwinel | View Answer on Stackoverflow
Solution 2 - Html | C.O. | View Answer on Stackoverflow
Solution 3 - Html | l4m2 | View Answer on Stackoverflow