I'm the author that discovered this bug - and went way out of my way to tell the Internet Explorer team about it. I uncovered the error while working on a client's SharePoint site and figuring out why a certain page always caused their computer to freeze up.

The most amazing part of this exercise has been analyzing the traffic trends. This page gets a crazy amount of traffic in Japan and China - I still can't figure out why.

It has also been a remarkable insight into the dysfunction that is Microsoft; I'll hear from some random Microsoft employee twice a year who became aware of the site and wants to fix it, after pointing to the closed "not a bug" thread on MSDN they all vanish (apparently keenly aware of how atrocious the IE team reacts to external interest/support.)

I don't even bother reporting bugs in IE anymore. They never fix them.

Yesterday I ran into errors "String is undefined" when trying to augment String.prototype. Testing for undefined got me "undefined is undefined". Turns out it was a variation of a known issue they deem so unlikely that they won't even bother to fix it. (The issue is this one: http://msdn.microsoft.com/en-us/library/gg622929%28v=VS.85%2... ) If anyone wants to know the fix: you have to set the innerHTML of the parent element of the iframe to '' before detaching that element from the DOM. That actually stops code inside the iframe from running.

What I also love is the arrogance with which they suggest solutions, like on the page I linked: "If your application uses a programming pattern that is affected by this issue, you may wish to consider not removing the iFrames from the page."

Exception: if the crash is a non-null access violation, please report to MSRC.

Its probably people trolling the internet users in those countries using an iframe because they couldn't replicate the crash or couldn't be bothered hosting it. Internet Explorer is still the main browser in China and Japan

http://gs.statcounter.com/#browser-CN-monthly-201105-201205

Where is the bug report? I'd be curious to read the response from Microsoft.

(The link on the page is just to a Google Group discussion, which doesn't appear to have participation from Microsoft.)

Live login required? Pffffft.

After logging in, I get this:

> Page Not Found

> The content that you requested cannot be found or you do not have permission to view it.

Did they remove the item?

Same here. Looks like they've deleted it. I couldn't find a cached copy of it either.

I think the most shocking thing is when you follow it through to the MSDN bug discussion—and you find people blaming the author for writing invalid HTML.

Apparently IE doesn’t need to follow the robustness principle. http://en.wikipedia.org/wiki/Robustness_principle

This isn't a case of "Robustness principle". Not crashing on invalid input is just plain old decent programming, not to mention secure programming. Programs should not crash on invalid inputs, period. "Robustness" as in the robustness principle refers to trying to actually process invalid data and go make a guess at what the functionality should be.

In fact, you can make quite a case that "robustness" as defined that way is responsible for the horrible mess that HTML and cross-browser compatibility is these days. For instance, if you improperly close tags, or overlap tags, IE (and others I assume) will dutifully go about trying to figure out what you meant: being very "robust" in their interpretation of input outside the spec.

By implementing behaviour outside the spec (being "robust"), you are implicitly extending the spec, and every other browser has to implement unspecified behaviour in the same way.

Reminds me of one of my first jobs. I needed to convert some data into a odd file format based on 100 or so pages of documentation and upload it to an FTP. Problem was the first version I wrote caused their system to crash...

Fun times.

At uni in a software testing subject I was given an assignment to read various input files (some valid, some invalid). If your program crashes, you would get 0 marks. It made for a stressful assignment execution day, but it was a good lesson.

I agree, it's unbelievable. End users don't care about incorrect markup, they care about their browser hanging.

Obviously this is a bug in IE that needs to be fixed and it's Microsoft's responsibility to ensure that their browser doesn't crash in invalid input, but end users don't actually care about the browser either (they don't even know what a browser is), they care about your site crashing.

That's incorrect.

If your TV crashed would you blame the TV program you were watching at the time?

People know the difference between software and content. Content should never be able to crash software.

I agree with you in that content should never be able to crash software.

I disagree with you TV example, however. If the same TV show repeatedly crashed one of the most popular TV models, consumers would blame the show.

well, that would be stupid

Not necessarily - I don't understand how software interacts with, for example, digital cable. I've seen certain channels crash my cable box before. It wouldn't be that surprising to see a certain show reliably crash the cable box.

A topic very much like this one makes up a chapter in the wonderful book Godel, Escher, Bach http://en.wikipedia.org/wiki/G%C3%B6del,_Escher,_Bach

Two characters are in a race: one to build an impervious record player, the other to design a record that - when played - sets up feedback in the record player sufficient to destroy it.

It's a stunningly simple intro to a fairly deep topic: NP completeness, input validation, etc.

"If your TV crashed would you blame the TV program you were watching at the time?"

I'm not positive, but I believe that it's possible for TV shows to crash TVs, which is why there are standards in that specify what kind of content you are allowed to broadcast:

http://en.wikipedia.org/wiki/Broadcast-safe

I had an episode of a TV show on videotape that literally crashed my TV. I'm not kidding. Whenever the show got to a certain point the TV would turn off.

I'm 99% sure that it was something invalid in the closed captioning.

if my TV shut down every time i tried to watch one specific show and never any other time, i might blame that show, yes.

people should know the difference, but they don't.

Back in 2000, I finally switched from Netscape to Internet Explorer because DoubleClick's JS hung Netscape. When a decent number of sites work in one browser but not the other, I go look for another browser.

100% correct in my experience.

I'd say that most do care about their browser. Chrome wouldn't have sped to such popularity otherwise, nor Firefox before it, nor Mozilla, nor... IE. If users didn't care we'd perhaps all still be using Mosaic.

This is most likely true for Chrome yes, but it's almost definitely true for IE. I feel confident claiming that at the very least half of the IE users use it because they don't have a choice or because they got it as default on Windows.

I agree. There is no combination of text that should cause a browser to crash. Why the people in the discussion were blaming the HTML markup is beyond me.

Agree. It's a horrible read. Good thing their marketing department hasn't caught up with this... yet

It probably did. Long time ago. IE on RC build of Windows 8 does not crash.

Well yeah, but 3 years after the fact.

It does not crash the IE build that came with the RC of windows 8. So probably all the comments and the page should use a past tense?

=== Evil Idea ===

Everyone create a script on all your websites that randomly implements this bug on some but not all pages (definitely not landing & home pages) then watch as little by little millions of users think their IE is broken and messed up and start using other browsers. A few sites alone wouldn't make a difference but over the course of its life even websites with normal amounts of traffic build up 30,000 unique visitors after a few years. Combined that would do some damage to IE's stability. Yes it's evil because you're deliberately crashing innocent people's browsers but aren't they evil/foolish for deliberately using IE and making us work harder to support it?

Sometimes users have to learn things the hard way.

Does not crash IE10 on Release Preview 64-bit. Neither desktop or Metro version.

I updated the page (which I hadn't touched since mid-2011) to say it doesn't crash the current RC of IE10. Hopefully people will stop flaming me on Twitter now...

AFAIK I think it was fixed with the move to an interoperable quirks mode.

Wow. I guess Microsoft is still the pinata.

I write web-based software. Every day.

I have made every browser crash and become completely non-responsive, many times over. Chrome. Firefox. Opera. All of them.

Now, this is mostly through JavaScript, when I do something stupid by manipulating the DOM the wrong way or some other funny thing. I fix it and keep going. Because breaking the browser is bad.

Want to report it to the vendor? Great. Fine. Making a website dedicated to the crash? Waaaay too much time on your hands.

> Want to report it to the vendor? Great. Fine. Making a website dedicated to the crash? Waaaay too much time on your hands.

Time to report bug to Microsoft: 30 minutes. Time to create website for bug: 4 minutes. #justsayin

I can say the same but there's a clear gap in how seriously the vendors take it: it's been a long time since I've crashed any browser other than IE. The closest I've come a couple of times was getting Firefox to use enough memory that I killed it rather than waiting for it to page.

If you are crashing them as often as you claim, you should be filing security bug reports - every other browser team will respond quickly to non-Flash crashes.

And if the crash is a non-null access violation in IE, please report to MSRC. These do get fixed in the next security update.

> I have made every browser crash and become completely non-responsive, many times over. Chrome. Firefox. Opera. All of them. Now, this is mostly through JavaScript, when I do something stupid by manipulating the DOM the wrong way or some other funny thing. I fix it and keep going. Because breaking the browser is bad.

We have a winner. Want browsers to play nice? Write good code.

Didn't crash IE10.0.8400.0 in Windows 8 Release Preview 64-bit.

Can confirm this!

I don't see why it's such a big deal. Ya I mean it's kind of a dumb thing to cause a browser to crash, but I am sure any browser has a dumb thing here or there that will cause a crash.

Seems like we're just trying to pick on IE here.

I'd agree. On a side note, took me about ten seconds of googling to find HTML/Javascript that reliably crashes firefox (but does not crash IE8). I expect Chrome would have similar cases where there could be something that causes crashes (at least, there are bug reports asserting this).

(FYI here's some HTML/JS for the Firefox bug... Resizing the browser caused the issue to manifest in Win7 with FF 13.0.1:)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd>;

<html xmlns="http://www.w3.org/1999/xhtml>;

<head>

<title>Test</title>

<script type="text/javascript"> window.onresize = function () { alert("gg"); }; </script>

</head>

<body>

&nbsp;

</body>

</html>

(edited to acknowledge that this is a JS bug). And for the downvotes, at least provide a reason and/or a discussion.

Uh yeah, it's really easy to find code that crashes browsers with open bug trackers. Just go search them.

Known for a year with no fix in sight :( https://bugzilla.mozilla.org/show_bug.cgi?id=626963

While close, it's a bit different since JS is needed to crash the browser. The interesting thing about the IE bug is that no JS is required.

Are people really downvoting because you pointed out that other browsers have bugs too? Amazing!

Is this a big deal? It's amusing that it is such a simple chunk of HTML, but I was under the impression that it's not terribly difficult to DoS the average browser.

I accidentally discovered some very simple HTML that reliably crashes Outlook whenever you try to view or preview the message a while back. I reported it and I think they eventually fixed it.

  > I reported it and I think they eventually fixed it.

If you follow through to the MSDN discussion, it is from 2009. So "eventually fixed it" could apply in this case, only because the timescale is unbounded, but waiting years for a fix seems unreasonable.

Bugfixes are subject to the Halting problem :)

How do you DoS chrome?

I don't know. Maybe Google is so good it's impossible (or at least limited to one tab). But I suspect it's still possible if I'm allowed to use commonly installed plugins. I think I could make a Java applet that consistently crashes.

Facebook seems to have no problem crashing Chrome on my three machines.

What was the problem? was it the unclosed <form> tag?

Looks like the crash doesn't happen if you provide the </form> tag, so that looks like it.

Edit with more info: Looks like removing any of the markup prevents the crash. "Removing the CSS, the div, the table, etc all cause this code to not crash IE"

The minimal variant with which I repeated the crash was:

    <style type="text/css">
        #a { margin: 0 10px 10px; }
        #b { width: 100%; }
    </style>
    <table>
        <tr>
            <td>
                <div id="a">
                   <form id="b">
                   <input type="text" name="test"/>
                </div>
            </td>
            <td width="1">
            </td>
        </tr>
    </table>

Removing the second td is enough to make the html not crashing on IE 9. The "crash" manifests itself in some kind of an infinite loop (one thread jumps to 100% CPU and stays so). Then the "recovery" mechanisms kick in, reloading the page, blocking again... :) Can anybody reduce it even more?

Removing the TR's produces the same results. Change div to p still results in the crash, but removing that level entirely doesn't.

Would love to know too, can't have been as ironic as the <input type="crash"> bug.

It was just: <input type crash> as I recall - not specifying a value for type.

it doesnt appear to be any single specific element, but rather the exact combination

Crashes tab in IE9 9.0.7 Win7 x64. That's it. The rest of the browser is fine.

On IE 9 on Windows 7 it just causes the tab to load forever. Maybe the bug has been patched?

I have the same setup and clicked "recover" when the option came up, and it crashed the browser then. IE9 is still open, but the cursor is stuck on <--> and clicking anywhere does nothing. I don't even get the "this program has stopped responding" message.

Closing it in any of the normal ways is failing, I had to do end task.

Successive attempts to load the page don't even need for me to click anything for it to crash hard.

No crash on IE 9.0.8112.16421, update version 9.0.7, windows 7 64-bit.

patched to still work really badly?

I can't be the only one that saw this, and immediately thought "Wrap this in some browser detection code, and display it in a tiny iframe if you're using an inferior browser..."

No? Anyone? Guess I'm wearing a black hat today.

If it only crashes IE, and you want to punish IE users, why bother wrapping it?

So that you can embed it in all of your pages secretly and get users to switch from IE to pretty much any other browser that actually follows web standards for implementation.

Right, but why write a wrapper that detects the browser for it? Just ... include it.

Course, the user will see it as your site that crashes the browser. Probably can't be good for conversions.

In IE 9.0.8112 (Win 2008R2) the tab is kinda stuck but the rest of the tabs work fine

I accidentally created another bug that also crashes every single version of internet explorer. It's related to putting a filter: progID into an element modified by javascript.

Does stuff like this make any one else think of "I cannot by played on record player X" from Hofstadter's Godel, Escher, Bach?

It shouldn't. The record and record player was an analogy for statements and formal systems of sufficient complexity. This example would be analogous if html/css formed a Turing complete system, and the job of a browser was to decide whether or not the markup for a given page halted. This is just an example of a fixable bug with rejecting what should be obviously invalid input.

The corresponding analogy would be if the Crab's record player broke any time a particularly bad pop song came on. It could tell by looking at the song whether or not it would break, but the designers didn't bother to fix it because no one wants to listen to bad pop music anyway.

But what about the tension between features (completeness of system? Or ability to reproduce any sound?) and robustness (lack of contradictions? No sounds that would cause its own destruction?)

The analogy seems to fit there, enough to make me smile anyway :)

It froze up Chrome on my PC for a few seconds also.

So I just checked in IE9 and it works fine...

(using 9.0.8112.16421)

Not crashing win 8 consumer preview.

>This page crashes Internet Explorer, even version 9 and 10.

That headline sounds disingenuous and somewhat flamebaity given that 10 is still in development and the latest public version available on Windows 8 does not crash.

It also doesn't crash IE9 on my Windows 7 PC or Windows Phone. I don't think most people have actually tried the page in IE9.

Crashes the tab for me: IE 9.0.8112.16421, Windows 7 Pro (v 6.1 Build 7601: SP 1)

Crashes mine.. IE 9.0.8112.16421 x64 no addons

This is indeed shocking. I cannot recall a time in which I was subjected to using software which contained a bug. I sincerely hope this does not become a trend.

Who is subjecting you to use IE?