This HTML5 Bug Lets Web Sites Fill Your Hard Drive (With Cat Pictures)

HTML5 lets code run in your browser. Code often wants to store data. A student developer has demonstrated how a poor implementation of one small part of the HTML5 standard means it is quite easy to build a site that fills your hard drive while displaying pictures of cats.

Feross Aboukhadijeh created the FillDisk.com site to demonstrate how the HTML5 Web Storage Standard isn't properly supported in Chrome, Internet Explorer and Safari. Visit the site and your drive will rapidly fill with data while the site distracts you with cat images. (There's a stop button which erases the unwanted data, but if you don't get in fast enough the browser can crash.)

So what's going on? The standard allows for storage of a larger amount of data than is possible with cookies: useful if you want to build more complex apps. However, it also recommends setting an upper limit on this storage at user agent (browser) level. IE permits 10MB per site, Firefox and Opera allow 5MB, and Chrome allows 2.5MB.

The standard also specifies that browsers should check to make sure that this total is calculated to include both subdomains and top-level domains (for example, sneaky.lifehacker.com.au as well as lifehacker.com.au). However, it seems that only Firefox and Opera currently do this, leaving Chrome, Safari and IE all vulnerable to HTML5 sites storing potentially limitless amounts of data through the use of subdomains.

The demo which Aboukhadijeh created is relatively harmless, but I suspect his source code will be utilised by a lot of pranksters before the browser developers fix their implementation.

How to troll using HTML5 localStorage [Feross]

WATCH MORE: Tech News

Comments

    Bah. Not a bug. How can getting your cat picture fix d'jour not be defined as a 'feature' in any meaning of the word.

    If I be an IT terminology pedant as well Angus. The term bug has been replaced with the word defect in most companies. Or at least should have been if they attempt to even roughly adhere to a number of ISO quality standards.

    Although the vernacular form is understood by most in the field and some laymen, it's no longer the correct word to use.

      Oh darn, refusal to register means I can't correct the "if I be" mistake to "If I may be".

      obviously, Pedant Bear has not approved my pre-coffee comments today. Pedant Bear is so much friendlier than Grammar Nazi, but still not one that you should tempt!

      The term bug has been replaced with the word defect in most companies.

      Microsoft prefers to use the word "feature".

    In any case, it's not a HTML5 bug, it's a browser bug.

Join the discussion!

Trending Stories Right Now