Web page fills up hard disk
Contributed by: Email on 03/01/2013 03:57 PM [ Comments ]
Developer Feross Aboukhadijeh has published a simple technique that allows a web page to fill up a hard disk without any action on the user's part. If you'd like to try out the "HTML5 Hard Disk Filler" at your own peril, simply go to www.filldisk.com but beware: the script will immediately get to work and clog up your hard disk with cat images.
To do so, it uses the Web Storage technology in HTML5, which is implemented in all popular browsers. Web Storage provides a separate data storage area for each domain: in Chrome and Safari, the default is 2.5MB, in Firefox and Opera it's 5MB, and in Internet Explorer, 10MB (a test page provides information on a browser's applicable data limit).
Aboukhadijeh simply uses innumerable subdomains, none of which exceed the browser's set quota, to accumulate huge total amounts a technique that is familiar, for example, from political party donations. That this shouldn't be possible isn't just a matter of common sense, it is also stipulated in the W3C specification ("User agents should limit the total amount of space allowed for storage areas").
Not all browsers can be fooled by the Hard Disk Filler: Firefox will abort the script without comment once the limit for a domain has been reached, while Opera will ask users whether they want to release unlimited storage when a limit that is defined in opera:config (Global Quota For Databases) has been reached. However, Chrome, Safari and Internet Explorer aren't as clever. Aboukhadijeh says that he has already reported the bug to Google and Apple.
To do so, it uses the Web Storage technology in HTML5, which is implemented in all popular browsers. Web Storage provides a separate data storage area for each domain: in Chrome and Safari, the default is 2.5MB, in Firefox and Opera it's 5MB, and in Internet Explorer, 10MB (a test page provides information on a browser's applicable data limit).
Aboukhadijeh simply uses innumerable subdomains, none of which exceed the browser's set quota, to accumulate huge total amounts a technique that is familiar, for example, from political party donations. That this shouldn't be possible isn't just a matter of common sense, it is also stipulated in the W3C specification ("User agents should limit the total amount of space allowed for storage areas").
Not all browsers can be fooled by the Hard Disk Filler: Firefox will abort the script without comment once the limit for a domain has been reached, while Opera will ask users whether they want to release unlimited storage when a limit that is defined in opera:config (Global Quota For Databases) has been reached. However, Chrome, Safari and Internet Explorer aren't as clever. Aboukhadijeh says that he has already reported the bug to Google and Apple.
Comments