[Webkit-unassigned] [Bug 156115] Remove arbitrary limit on pushState and replaceState

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 5 16:14:20 PDT 2016


--- Comment #5 from Brady Eidson <beidson at apple.com> ---
Re-ordering my reply a bit to make a better narrative:

(In reply to comment #4)
> (In reply to comment #3)
> Brady, I would also like to personally apologize, if my initial tweets
> offended you; I was frustrated at what, at the time, I believed was a spec
> violating change causing hundreds of thousands of users to see a completely
> broken site.

Apology noted, but not necessary; I wasn't offended, I just wanted to probe the use case and get to the bottom of the problem.

> I will leave it to you to decide whether throwing a QuotaExceededError, or
> as the spec _suggests_ ignoring calls is the preferred behaviour; my opinion
> is the latter.

We will definitely consider ignoring the call, but logging to the console anyways.

> Again, not knowing the specifics, how could 'replaceState' create an OOM
> situation? Is it not deallocating the previous state object?

Yes, replaceState deallocates the previous state objects, but this policy is not about OOM.

Calling replaceState at a high frequency, even with tiny payloads, does a surprising amount of work. It burns through a surprising amount of CPU, which means a surprising amount of battery.

And if the frequency is high enough it actually quickly turns into a DOS attack. Not only on the current web page but on the entire browser, as the browser itself is necessarily involved with session history management.

> > WebKit cannot possibly know when the page is about to "fake navigate" via a pushState.
> It can, and it is definitely *not* a halting problem; it knows when the page
> is about to fake navigate, as it knows when pushState is called.

That's absolutely true.

Let me rephrase: WebKit can't do analysis about each replaceState to see if it is the "last replaceState that is needed before a pushState"

I believe what you're considering an appropriate fix in WebKit would be remember the most recent "replaceState" in a lightweight manner, then only do the heavyweight work when pushState is called or a navigation happens.

We considered that at first, but there are significant problems with it, both technical and architectural.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160405/d5ff512f/attachment.html>

More information about the webkit-unassigned mailing list