Saturday, August 19, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
YouTube TV expands to new markets
Facebook Tests News Stories Customized to Users' Interests
Google Home Now Supports Free Calls
Asus Unveils the ZenFone 4 Pro, ZenFone 4, ZenFone 4 Selfie Pro, and ZenFone 4 Selfie
Nokia 8 Shipped With ZEISS Optics
Apple is Getting Serious in TV Shows and Film Prospect
Acer's New 4K Projectors Bring the Benefits of Cinema Home
Fiat Chrysler Joins BMW, Intel, Mobileye in Autonomous Driving Team
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > HTML5 W...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, March 01, 2013
HTML5 Weakness Allows Data Dump On Hard disks


A developer has discovered a loophole in the HTML5 web code, which could allow gigabytes of junk data to be dumped on your hard disks.

Developer Faross Aboukhadijeh found the bug and set up a demo page (FillDisk.com) as a proof-of-concept, which that fills visitors hard drives with pictures of cartoon cats.

The HTML5 Web Storage standard was developed to allow sites to store larger amounts of data (10 MB) than was previously allowed by cookies (4KB). The standard anticipated that sites might abuse this feature and advised that browsers limit the total amount of storage space that each origin could use. So currently, Google Chrome limits the amount of data to 2.5 MB per origin, Mozilla Firefox and Opera alllows up to 5 MB per origin and Internet Explorer up to 10 MB per origin. In addition, the web standard says that HTML 5 user agents should guard against sites storing data under the origins other affiliated sites, a move that would not allow for circumventing the storage limits.

However, Chrome, Safari, and IE currently do not implement any such "affiliated site" storage limit. Thus, cleverly coded websites, like FillDisk.com, have effectively unlimited storage space on visitor?s computers.

The proof-of-concept page fills up the user?s hard disk on Chrome, Safari (iOS and desktop), Opera, and IE. The page has been tested to work with Chrome 25, Safari 6, Opera (12), IE 10. The page does not work on Firefox, since Firefox?s implementation of localStorage is smarter, said Mr Aboukhadijeh.

In a bid to solve the problem, bug reports about the exploit have been filed with major browser makers.


Previous
Next
Facebook To Unveil New New Newsfeed        All News        Research Found That SSDs Suffer Data Loss When They Lose Power
Facebook To Unveil New New Newsfeed     General Computing News      U.K Court To Block Torrent Sites

Get RSS feed Easy Print E-Mail this Message

Related News
YouTube Now Defaults to HTML5
HTML5 is Specs Finalized
Netflix To Implement HTML5 Video Technologies
Intel Expands Support of HTML5 with Launch of App Development Environment
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance
Adobe Web dev Embraces HTML5 Wed Development
Intel Focuses On Software Developers, Announces New HTML5 Tools
Adobe Eliminates Flash Player For Mobiles, Sees Future In HTML5
Adobe Releases Preview of New HTML5 Design Tool
Apple Excludes Essential HTML5 Patents From W3C
Mozilla Updates HTML5-based PDF Renderer
Adobe Tool Converts Flash into HTML 5

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .