Thanks To HTML5, This Website Can Fill Your Whole Hard Drive With Trash

Sometimes a browser needs to leave a little data on your computer, just a little 5-10KB nibblit, a cookie. HTML5 is a hungrier beast than that which came before it though, and sometimes wants a little more. Maybe 5MB or so. But that's where it should end. Thanks to a little HTML5 vulnerability, however, this site can and will fill your entire hard drive with trash.

In order to keep sites from going to wild, most browsers put a hard limit on how much space any site can get. Google Chrome says 2.5MB, Firefox goes with 5MB, Internet Explorer opts for 10MB, etc. And HTML5 standards dictate that a single stash should apply to all affiliated sites. So should have to share with Except in most browsers, as discovered by Feross Aboukhadijeh, they don't.

In Chrome, Safari and Internet Explorer (FireFox users, pat yourselves on the back), subdomains all get their own little data cubbies, so as long as a site keeps churning out new ones, your hard drive will keep eating up the data until it's bulging at the seams. And Feross Aboukhadijeh's does exactly that. Fortunately for you, it's merciful enough to give you all your space back if you ask it to stop, but it's easy to see how this could be a pain if it didn't play nice.

Feross has logged the bug for Chrome and Safari, so the problem there should be fixed soon, but so far Ferros has been unable to alert the folks at Microsoft thanks to a dead page. But until the fix comes in, you can still bomb your friends with a (relatively friendly) hard drive spam, and be gateful no one more mischevious found this little problem first. [Feross Aboukhadijeh via Slashdot]

Picture: Aron Brand/Shutterstock



    Well isn't it good that call centre workers strongly insist that you clear your internet caches even when you're having a problem with your DSL sync and it's got nothing to do with it.

    This story already ran. Like a week ago. On this same site.

      And just like last article, it's misreported. The HTML5 specification already caters for this problem so it's not a HTML5 vulnerability or bug or anything else. It's a bug in the specific implementation of HTML5 in certain browsers, that is likely to be fixed in the next few patches.

Join the discussion!