Unless you use Firefox HTML5 LocalStorage can completely fill your hard drive

first_imgIf you’re running Google Chrome, Safari, Opera, or Internet Explorer, take note: there’s a glitch in the way those browsers have implemented HTML5 LocalStorage that can allow a website to fill up your hard drive, SSD, or NAND storage with data. According to numerous reports from users who have bravely visited the proof-of-concept website, the shenanigans seems to work just fine on mobile versions of the vulnerable browsers as well.Only Firefox appears immune, thanks to Mozilla’s decision to implement a cap on the amount of LocalStorage a web app can utilize. Chrome, Safari, Opera, and IE all let developer Ferross Aboukhadijeh’s HTML5 Hard Drive Filler run wild. Curiously, the W3C spec for LocalStorage goes so far as to caution implementers that they should set a limit for the total amount of space that can be utilized on a device.Aboukhadijeh notes that a possible workaround for that proposed limitation could be to simply use stores for multiple subdomains within a site — like ls1.geek.com, ls2.geek.com, and so on. However, the W3C has that covered too, saying that browsers should guard against that specific scenario. In total, the W3C says that 5MB is a good arbitrary limit to impose. So if it’s right there in the spec, why is it that only Mozilla is compliant?Maybe the others think that 5MB isn’t enough space to allow for truly rich, modern web apps to store critical data locally — say, for offline use. That’s fair, but why not then bump the limit up to 10, 50, or even 100MB just so there’s some kind of cap to prevent precisely this kind of foolishness?It’s impressively scary just how fast the Filler can bung up a drive… but please, just watch the video. Don’t feel like you have to abuse your own browser.last_img

Leave a Reply

Your email address will not be published. Required fields are marked *