Sometimes a browser needs to leave a little data on your computer, just a little 5-10KB nibblit, a cookie. HTML5 is a hungrier beast than that which came before it though, and sometimes wants a little more. Maybe 5MB or so. But that’s where it should end. Thanks to a little HTML5 vulnerability, however, this site can and will fill your entire hard drive with trash.
In order to keep sites from going to wild, most browsers put a hard limit on how much space any site can get. Google Chrome says 2.5MB, Firefox goes with 5MB, Internet Explorer opts for 10MB, etc. And HTML5 standards dictate that a single stash should apply to all affiliated sites. So a1.example.com should have to share with a2.example.com. Except in most browsers, as discovered by Feross Aboukhadijeh, they don’t.
In Chrome, Safari and Internet Explorer (FireFox users, pat yourselves on the back), subdomains all get their own little data cubbies, so as long as a site keeps churning out new ones, your hard drive will keep eating up the data until it’s bulging at the seams. And Feross Aboukhadijeh’s Filldisk.com does exactly that. Fortunately for you, it’s merciful enough to give you all your space back if you ask it to stop, but it’s easy to see how this could be a pain if it didn’t play nice.
Feross has logged the bug for Chrome and Safari, so the problem there should be fixed soon, but so far Ferros has been unable to alert the folks at Microsoft thanks to a dead page. But until the fix comes in, you can still bomb your friends with a (relatively friendly) hard drive spam, and be gateful no one more mischevious found this little problem first. [Feross Aboukhadijeh via Slashdot]
Picture: Aron Brand/Shutterstock