Don’t try this at home.
And don’t try it at work, or persuade anyone else at work to try it, or email other people the link in the hope they’ll try it, and so on.
Yes, we’re aware that advice of this sort is a bit like Barbra Streisand’s effort to prevent photos of her house being circulated, but we have to say it anyway.
Don’t try and get your Apple-loving friends to visit crashsafari dot com.
Technically, the site doesn’t so much crash Safari, at least not for a while, as send it into a memory-guzzling loop that bogs down your Mac (or, apparently, your iPhone) until you wish you had left well alone.
Ironically, the code used by the rogue site is extremely simple, like this:
The text inside the HTML part should show up like this:
It creates a series of text strings from the numbers 0, 1, 2, and so on up to 99,999, in a sequence like this:
Each time a new string is created, it is squeezed into the browser’s history list using the special function history.pushState(), quickly leading to a situation like this:
You end up with the last URL in the history list being all the numbers from 0 to 99,999 written end-to-end, which is a string that is 1×10 + 2×90 + 3×900 + 4×9000 + 5×90000 bytes long. (All one-digit numbers plus all two-digit numbers, and so on.)
That string alone is nearly 0.5MB in size (488,890 bytes), but that’s only the last one in the list.
By the time 100,000 strings-from-numbers have been created in memory and then shoved into the history list, the total length of the text strings generated is 488,890 + 488,885 + 488,880 … 3 + 2 +1 bytes.
So, the total size is proportional not to the number of times around the loop in the script (100,000 iterations), but proportional to the square of the number of loops (100,000 x 100,000, or 10 billion).
That’s because there are 100,000 entries in the history list, each taking an average of about 250KBytes, for a total of about 25GBytes of memory.
Eventually, Safari is using so much of your computer’s memory that the system becomes unresponsive and you may even need to reboot.
If you have patience, you can start a terminal window (which may take some time to appear) and use the command killall -9 Safari, which will eventually persuade OS X to terminate the system-hogging browser process.
Or you can switch to the Finder app, then click on the Apple menu and use the Force Quit… utility to achieve the same result by killing off Safari.
Be prepared to wait some time for the system to catch up and for the extreme memory and CPU usage while Safari is struggling to keep up…
…to fall back to usual levels:
Does this particular trick work with other browsers?
We’ve tried Firefox, which soon pops up a warning that the script in the offending web page has become unresponsive, giving you the chance to kill it off early.
As for other browsers, we haven’t tried – but assume the worst, because dealing gracefully with heavy memory load is a tricky problem for any browser, and different browsers will struggle with different “prank” pages.
By the way, at the risk of sounding like wowsers with no sense of fun, we’re asking you again, “Don’t try this at home.”
If you put friends in the position where they need to kill off Safari to get control back over their computer, they will lose some time and effort, even if it’s only the tabs they had open.
When it comes to computer security, please don’t be the sort of person of whom your acquaintances say, “With friends like that, who needs enemies?”
We all have enough cyberenemies as it is…