<div dir="ltr"><div>Thank you for bringing this up Doug. It is a significant attack vector that browsers ought to protect against. I recommend adding a parse-time test for USE node references to ensure that they do not point to a self-referential direct ancestor.</div><div><br>Relevant specification sections:</div><div><ul><li><a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/concepts.html#DEF_USE_Semantics">X3D Architecture 4.1 draft — ISO/IEC 19775-1:202x — 4 Concepts</a></li></ul></div><div><h2 style="margin-top:18px;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif"><font size="2">4.4.3 DEF/USE semantics</font></h2><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">Node DEF names are limited in scope to a single X3D file, prototype definition, or string submitted to either CreateX3DFromString, CreateX3DFromStream, or CreateX3DFromURL X3D browser service (as specified in <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD/references.html#I19775_2">ISO/IEC 19775-2</a>).</p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">The USE statement does not create a copy of the node identified by a DEF name. Instead, the same node is inserted into the scene graph a second time, resulting in the node having multiple parents (see <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/concepts.html#TransformationHierarchy">4.3.5 Transformation hierarchy</a>, for restrictions on self-referential nodes).</p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">Node names shall be unique in the context within which the associated DEF name occurs. 
<span class="gmail-proposed" title="editorial, Mantis 1526" style="background-color:yellow">Any USE node reference without a corresponding DEF, within the scope of the current scene or prototype declaration, is an error.</span></p><div class="editorsNote" title="proposed to ensure consistent implementations, Mantis 1526" style="background-color:lightcyan;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif"><p class="gmail-note" style="margin-top:18px;margin-bottom:18px;font-family:univers,arial,sans-serif">NOTE DEF names are not required to precede USE reference</p></div></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div style="color:rgb(34,34,34)"><ul><li><a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/concepts.html#TransformationHierarchy">https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/concepts.html#TransformationHierarchy</a></li></ul></div><div style="color:rgb(34,34,34)"><h2 style="margin-top:18px;color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif"><font size="2">4.3.5 Transformation hierarchy</font></h2><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">The transformation hierarchy includes all of the root nodes and root node descendants that are considered to have one or more particular locations in the virtual world. X3D includes the notion of <i>local coordinate systems</i>, defined in terms of transformations from ancestor coordinate systems. The coordinate system in which the root nodes are displayed is called the <i>world coordinate system</i>.</p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">An X3D browser's task is to present an X3D file to the user; it does this by presenting the transformation hierarchy to the user. 
The transformation hierarchy describes the directly perceptible parts of the virtual world.</p><p align="left" style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">Some nodes, such as sensors and environmental nodes, are in the scene graph but not affected by the transformation hierarchy. These include <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/interpolators.html#CoordinateInterpolator">CoordinateInterpolator</a>, <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/scripting.html#Script">Script</a>, <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/time.html#TimeSensor">TimeSensor</a>, and <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/core.html#WorldInfo">WorldInfo</a>.</p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">Some nodes, such as <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/grouping.html#Switch">Switch</a> or <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/navigation.html#LOD">LOD</a>, contain a list of children, of which at most one is traversed during rendering. However, for the purposes of computing scene position, all children of these nodes are considered to be part of the transformation hierarchy, whether they are traversed during rendering or not. 
For instance, a <a href="https://www.web3d.org/specifications/X3Dv4Draft/ISO-IEC19775-1v4.1-CD//Part01/components/navigation.html#Viewpoint">Viewpoint</a> node which is a child of a Switch whose whichChoice field is set to -1 (indicating that none of its children should be traversed during rendering) still uses the local coordinate space of the Switch to determine its position in the scene.</p><p style="color:rgb(0,0,0);font-family:Verdana,Arial,Helvetica,sans-serif">The transformation hierarchy shall be a directed acyclic graph; a node in the transformation hierarchy that is its own ancestor is considered invalid and shall be ignored. The following is an example of a node in the scene graph that is its own ancestor:</p><pre class="gmail-listing" style="color:rgb(0,0,0);margin-left:15px">DEF T Transform {
  children [
    Shape { ... }
    USE T
  ]
} </pre></div><div style="color:rgb(34,34,34)"><font face="arial, sans-serif">For easy reference, I have added this to</font></div><div style="color:rgb(34,34,34)"><ul><li><font face="arial, sans-serif">X3D Resources, Security, Vulnerabilities</font></li><li><font face="arial, sans-serif"><a href="https://www.web3d.org/x3d/content/examples/X3dResources.html#Vulnerabilities">https://www.web3d.org/x3d/content/examples/X3dResources.html#Vulnerabilities</a></font></li></ul></div><div style="color:rgb(34,34,34)"><font face="arial, sans-serif">Be Careful with Secure X3D! 🔐</font></div><div style="color:rgb(34,34,34)"><span style="font-family:monospace"><br></span></div><div style="color:rgb(34,34,34)"><span style="font-family:monospace">all the best, Don</span></div><div style="color:rgb(34,34,34)"><font face="monospace">-- </font></div><div style="color:rgb(34,34,34)"><font face="monospace">X3D Graphics, Maritime Robotics, Distributed Simulation</font></div><div style="color:rgb(34,34,34)"><font face="monospace">Relative Motion Consulting <a href="https://RelativeMotion.info" target="_blank">https://RelativeMotion.info</a></font></div></div></div></div><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Sun, Mar 29, 2026 at 11:02 AM GPU Group via x3d-public &lt;<a href="mailto:x3d-public@web3d.org">x3d-public@web3d.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">There doesn't seem to be anything to stop a scene from being cyclic -- freewrl has no defense against it, and simply crashes likely from stack overflow.<div>-Doug</div><div>&lt;?xml version="1.0" encoding="UTF-8"?&gt;<br>&lt;!DOCTYPE X3D PUBLIC "ISO//Web3D//DTD X3D 3.0//EN" "<a href="http://www.web3d.org/specifications/x3d-3.0.dtd" target="_blank">http://www.web3d.org/specifications/x3d-3.0.dtd</a>"&gt;<br>&lt;X3D 
profile='Interchange'&gt;<br>&lt;head&gt;<br>&lt;/head&gt;<br><br>&lt;Scene&gt;<br> &lt;Group DEF='CYCLIC'&gt;<br> &lt;Shape &gt;<br> &lt;Appearance &gt;<br> &lt;Material /&gt;<br> &lt;/Appearance&gt;<br> &lt;Cone /&gt;<br> &lt;/Shape&gt;<br> &lt;Group USE='CYCLIC'/&gt;<br> &lt;/Group&gt;<br>&lt;/Scene&gt;<br>&lt;/X3D&gt;<br></div><div><br></div></div>
</blockquote></div>
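<div>Added example, not part of the original thread and not code from FreeWRL or any X3D browser: a parse-time DEF/USE check of the kind recommended above, for the XML encoding. It goes beyond the direct-ancestor case to cycles that pass through several USE references, and also reports USE names with no DEF; the function name <code>check_def_use</code>, the single-scope assumption (no prototype declarations) and the sample scenes are constructed for illustration.</div>

```python
import xml.etree.ElementTree as ET

def check_def_use(x3d_text):
    """Return (cyclic_defs, dangling_uses) for one X3D XML document.

    Assumption (not from the thread): the whole file is one DEF scope.
    """
    root = ET.fromstring(x3d_text)
    # Pass 1: map each DEF name to the USE names found beneath that node.
    # A full pass comes first because DEF need not precede USE.
    edges = {}
    for elem in root.iter():
        name = elem.get("DEF")
        if name is not None:
            below = {d.get("USE") for d in elem.iter() if d is not elem}
            edges.setdefault(name, set()).update(below - {None})
    uses = {e.get("USE") for e in root.iter()} - {None}
    dangling = sorted(uses - set(edges))   # USE with no DEF in scope: error
    # Pass 2: a DEF node is its own ancestor if following USE references
    # leads back to it. The search uses an explicit stack, not recursion,
    # so a deep chain of references does not exhaust the call stack.
    cyclic = []
    for start in edges:
        stack, seen = list(edges[start]), set()
        while stack:
            cur = stack.pop()
            if cur == start:
                cyclic.append(start)
                break
            if cur not in seen and cur in edges:
                seen.add(cur)
                stack.extend(edges[cur])
    return sorted(cyclic), dangling

# Constructed samples. DIRECT is reduced from the scene quoted in the thread.
DIRECT = """<X3D><Scene><Group DEF='CYCLIC'>
  <Shape><Cone/></Shape><Group USE='CYCLIC'/>
</Group></Scene></X3D>"""
INDIRECT = """<X3D><Scene>
  <Group DEF='A'><Group USE='B'/></Group>
  <Group DEF='B'><Group USE='A'/><Shape USE='MISSING'/></Group>
</Scene></X3D>"""
VALID = """<X3D><Scene>
  <Shape><Appearance><Material USE='M'/></Appearance><Box/></Shape>
  <Shape><Appearance><Material DEF='M'/></Appearance><Cone/></Shape>
</Scene></X3D>"""

if __name__ == "__main__":
    for label, doc in (("direct", DIRECT), ("indirect", INDIRECT), ("valid", VALID)):
        print(label, check_def_use(doc))
```

<div>A loader would run this before building the scene graph and drop or reject any node named in the first list, which matches the "shall be ignored" wording of 4.3.5.</div>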