Allow me to return the question: how do you prevent scripts from draining CPU resources? How do you distinguish between legitimate resource usage (like a heavy web application that runs a lot of javascript) from a cryptocurrency miner? How do you throttle one without hurting the other?
Easy (?) when you install a new browser, it should load few standard pages in the background and check what's their CPU% usage. Get average value for all the tests, multiply it by 2 just to have a little bit of wiggle room. Next time website runs, monitor the usage, if it's over the threshold block the script and ask user if they would like to continue running the script.
I'm not going to file patent for this, thanks in the code will be enough. Enjoy :)
Except that fails if the browser is installed while something else CPU intensive is running, an update is installing, an antimalware process is doing its initial analysis, or the device is in battery saver mode.
As an alternative, you could do a survey at install time - check if a battery is present, get power profiles, run your benchmark js stuff, check CPU, RAM, disk type (HDD/SSD) - then download profiles for that/those configuration(s). Then put a 'sensitivity' slider in the advanced options to allow power users to tweak/turn off the limit.
Possible but if you set the limit too low you're going to have it pop it all the time on heavier websites (especially on less powerful hardware/smartphones). Then you condition the user to dismiss these warnings without thinking about it because of the high rate of false positives.
On the other hand if you set it too high then those websites will aim for that limit to maximize profit without triggering the warning. You'll still waste a ton of resources and you've only mitigated the issue somewhat.
I'm not saying it's impossible, just that "just add a dialog when CPU usage is high" might be a bit naive. There's a subtle balance to these things.
Because a browser can't distinguish between a CPU-intensive app, game or simulation that you want to run in your browser, a cryptocurrency miner that a website runs in your browser after it explicitly asked you and you agreed, and a cryptocurrency miner running in the background.
Of course, they could start asking for permission before letting a site use more than X CPU, or before letting the site execute JavaScript at all, but most people don't want additional popups like that.
Someone said that Firefox warns you when a site uses a lot of CPU but I couldn't trigger that warning (maybe I didn't run it long enough or the feature is in a newer version).
> Can someone point me in the right direction to learn about or just simply explain how modern-day browsers allow for scripts to drain CPU resources?
They allow it because the point of scripts is to consume some level of CPU resources, and setting an arbitrary limit on how much is too much is bound to cause a bad user experience when e.g. rendering large visualizations or playing a fast-paced game.