CPU quota for external scripts

[kornelski]

On a page that I maintain I have to include a really, really bad 3rd party script (nearly O(n^2) traversal of entire DOM kind of bad).

Fixing or removal of the script is impossible: it's owned by a vendor who has no incentive to improve it, and the management accepts awfulness of the script as a necessary evil to bring revenue.

So I'd like to have an ability to reduce negative impact of this script without completely breaking it (if it breaks a little that's fine - it breaks in many cases already).

Here are some whacky ideas:

• force the script to run in a CPU-throttled Worker that looks and works like main document (with all globals visible), but only has a read-only DOM snapshot (or read-write, but race-condition-causing-async and without causing layout flush).
• Hide areas of DOM from the script, or make a "chroot jail" for DOM, so that a <div> designated for the script looks like <body> from perspective of that script
• Alternatively ability to have a CPU-throttled iframe with unidirectional access (so that top-level context can mess with it, but framed scripts can't escape the frame), so that I can implement the above ideas myself.

[craigfrancis]

Similar proposal from Ilya Grigorik:

https://www.igvita.com/2016/03/01/control-groups-cgroups-for-the-web/

Which is probably a bit more enforceable (because it only focuses on these restrictions)... so maybe the CPP might be able to work with this?

As to the iframe idea, I would personally love for the @sandbox attribute to grant some permissions, allowing the iframed document to read (only) the parents DOM content, so that context sensitive adverts can exist in an otherwise locked down iframe (and by locked down, this means no access to cookies, no editing the document outside of its iframe, no popups/overlays/popunders - just top level navigation due to user input, and for things like cgroups to limit resources, etc).

[yoavweiss]

Yeah, @igrigorik's thoughts on cgroups could fit very well into this model.