Web developer, designer and computer science student Feross Aboukhadijeh noticed the loophole, which affects websites on Google Chrome, Apple Safari, and Microsoft’s Internet Explorer.
To demonstrate the effect of the bug, Aboukhadijeh created a proof-of-concept demo, which he named FillDisk. The site begins to fill a visitor’s hard disk with images of cartoon cats, demonstrating a data storage rate of 1 GB per 16 seconds during one test.
While the HTML 5 web storage standard recommends browsers implement maximum storage limits for websites and also for affiliated sites, Aboukhadijeh noticed Chrome, Safari and Internet Explorer have not specified any affiliated site limits, thus leaving computers open for data dumping without limits.
The only browser to guard against this hard disk filling of data is Mozilla’s Firefox, says Aboukhadijeh.
The majority of websites are built on the HTML 4 standard for now, so the loophole may not affect too many internet users at the moment. However, programmers are increasingly migrating to HTML 5, which allows for more data storage locally on computers than previous versions.
The developers of HTML 5 anticipated the over-filling of hard disks, which is the reason for the storage standards recommending storage limits be imposed by individual browsers.
Aboukhadijeh has filed bug reports with Apple, Google, Microsoft and Opera.
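The difference between a per-origin storage limit and a limit shared across affiliated sites, as described above, can be seen in a small quota-accounting model. This is an added example, not code from FillDisk or from any browser; the limit values, the three-entry suffix list and the `example.com` origins are assumptions constructed for illustration.

```javascript
// Quota accounting model (added example; not browser or FillDisk code).
// Assumed values: both limits, and a tiny suffix list in place of the Public Suffix List.
const SUFFIXES = new Set(["com", "org", "co.uk"]);
const PER_ORIGIN_LIMIT = 5 * 1024 * 1024; // per-origin cap (assumed)
const PER_SITE_LIMIT = 10 * 1024 * 1024;  // cap shared by affiliated origins (assumed)

// Registrable domain: the longest known public suffix plus one more label.
function siteOf(origin) {
  const labels = new URL(origin).hostname.split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  return labels.join("."); // unknown suffix: treat the whole host as the site
}

class QuotaLedger {
  constructor({ enforceSiteLimit }) {
    this.enforceSiteLimit = enforceSiteLimit;
    this.byOrigin = new Map(); // bytes stored per origin
    this.bySite = new Map();   // bytes stored per registrable domain
  }

  // Returns true if the write is accepted, false if it would exceed a quota.
  tryWrite(origin, bytes) {
    const o = new URL(origin).origin;
    const site = siteOf(o);
    const originUsed = (this.byOrigin.get(o) || 0) + bytes;
    const siteUsed = (this.bySite.get(site) || 0) + bytes;
    if (originUsed > PER_ORIGIN_LIMIT) return false;
    if (this.enforceSiteLimit && siteUsed > PER_SITE_LIMIT) return false;
    this.byOrigin.set(o, originUsed);
    this.bySite.set(site, siteUsed);
    return true;
  }

  siteUsage(site) { return this.bySite.get(site) || 0; }
}

// Constructed workload: n affiliated origins each request `bytes` of storage.
// Returns the total the ledger ends up holding for example.com.
function storedAfter(ledger, n, bytes) {
  for (let i = 0; i < n; i++) ledger.tryWrite(`https://a${i}.example.com`, bytes);
  return ledger.siteUsage("example.com");
}
```

With only the per-origin check, the total held for one site grows with the number of affiliated origins; with the shared check enabled it stops at the site cap.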