add throttling to avoid long-running script errors for large keys/weak browsers
jaredhirsch opened this issue · comments
jwcrypto doesn't currently ever yield to the UI thread via setTimeout(), which means large keys (or crappy browsers like IE8 with not-necessarily-large keys) will lock up and/or throw the "long-running script" error. See callahad/mockmyid#4 for an example of this happening in real life.
The basic formula is simple, but making it work is tough: replace for
loop with function call, increment a counter on each turn, yield to UI thread every so often.
Games are CPU-intensive but yield kindly to the UI thread, no reason we can't do the same here--especially if we want this library to be widely usable.
Ref on long-running scripts (5 million turns in IE) http://www.nczonline.net/blog/2009/01/05/what-determines-that-a-script-is-long-running/
mitigation is to use DSA for javascript client-generated keys.