Tuesday, January 27, 2015
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Microsoft Offers Power BI Business Intelligence Tools For Free
Apple Takes Top Spot in China's Smartphone Market
Dell M3800 Mobile Workstation Now Available With 4K Display
Twitter Gets Group Messaging and Video Recording
Microsoft Updates Xbox One Controller Firmware
Crucial Ballistix Elite DDR4 Memory Now Available
Samsung Advances Smart eMBMS Solution with Improved Video
Mitsubishi Chemical Files Patent Lawsuit Against Red Phosphors in China
Active Discussions
Rimage 2000i
Sound card for my Laptop
full screen wide screen
Hi
About the restriction problem of chapter quantity in DVD
Booktype utilities for LiteON and OEM DVD Recorders
downgrade a nero vision 5 project to nero vision 2
what is the minimum burning speed
 Home > News > General Computing > HTML5 W...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, March 01, 2013
HTML5 Weakness Allows Data Dump On Hard disks


A developer has discovered a loophole in the HTML5 web code, which could allow gigabytes of junk data to be dumped on your hard disks.

Developer Faross Aboukhadijeh found the bug and set up a demo page (FillDisk.com) as a proof-of-concept, which that fills visitors hard drives with pictures of cartoon cats.

The HTML5 Web Storage standard was developed to allow sites to store larger amounts of data (10 MB) than was previously allowed by cookies (4KB). The standard anticipated that sites might abuse this feature and advised that browsers limit the total amount of storage space that each origin could use. So currently, Google Chrome limits the amount of data to 2.5 MB per origin, Mozilla Firefox and Opera alllows up to 5 MB per origin and Internet Explorer up to 10 MB per origin. In addition, the web standard says that HTML 5 user agents should guard against sites storing data under the origins other affiliated sites, a move that would not allow for circumventing the storage limits.

However, Chrome, Safari, and IE currently do not implement any such "affiliated site" storage limit. Thus, cleverly coded websites, like FillDisk.com, have effectively unlimited storage space on visitor?s computers.

The proof-of-concept page fills up the user?s hard disk on Chrome, Safari (iOS and desktop), Opera, and IE. The page has been tested to work with Chrome 25, Safari 6, Opera (12), IE 10. The page does not work on Firefox, since Firefox?s implementation of localStorage is smarter, said Mr Aboukhadijeh.

In a bid to solve the problem, bug reports about the exploit have been filed with major browser makers.


Previous
Next
Facebook To Unveil New New Newsfeed        All News        Research Found That SSDs Suffer Data Loss When They Lose Power
Facebook To Unveil New New Newsfeed     General Computing News      U.K Court To Block Torrent Sites

Get RSS feed Easy Print E-Mail this Message

Related News
HTML5 is Specs Finalized
Netflix To Implement HTML5 Video Technologies
Intel Expands Support of HTML5 with Launch of App Development Environment
HTML5 Definition Complete, W3C Moves to Interoperability Testing and Performance
Adobe Web dev Embraces HTML5 Wed Development
Intel Focuses On Software Developers, Announces New HTML5 Tools
Adobe Eliminates Flash Player For Mobiles, Sees Future In HTML5
Adobe Releases Preview of New HTML5 Design Tool
Apple Excludes Essential HTML5 Patents From W3C
Mozilla Updates HTML5-based PDF Renderer
Adobe Tool Converts Flash into HTML 5
HTML5 To Be Ready by 2014

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .