A web page can fill up a hard disk without any action on the user’s part, using a technique attackers already understand, one developer said.
To do so, the technique uses the Web Storage technology in HTML5, which is supported in all popular browsers. Web Storage provides a separate data storage area for each domain, with a default size that varies by browser: in Chrome and Safari it is 2.5MB, in Firefox and Opera it’s 5MB, and in Internet Explorer, 10MB.
Developer Feross Aboukhadijeh, who discovered the issue, uses innumerable subdomains, none of which exceeds the browser’s set quota, to accumulate a huge total amount of stored data. The W3C specification stipulates rules against this type of storage: “User agents should limit the total amount of space allowed for storage areas.”
Not all browsers are fooled by the Hard Disk Filler: Firefox will abort the script without comment once the limit for a domain has been reached, while Opera will ask users whether they want to release unlimited storage when a limit defined in opera:config (Global Quota For Databases) has been reached.
However, Chrome, Safari and Internet Explorer aren’t as clever. Aboukhadijeh said he has already reported the bug to Google and Apple.
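The accounting difference described above, as an added example (a constructed model, not code from any browser or from Aboukhadijeh): a quota checked only per hostname lets storage spread over many subdomains grow without bound, while charging subdomains to their parent domain or enforcing a total cap stops it. The `QuotaManager` class, the `siteOf` helper and the `example.test` hostnames are assumptions made for illustration.

```javascript
// Constructed model of a browser storage quota manager (not any browser's real code).
const MB = 1024 * 1024;

// Assumption: the "site" is the last two DNS labels. A real implementation
// needs the Public Suffix List so that names like example.co.uk group correctly.
function siteOf(host) {
  return host.split('.').slice(-2).join('.');
}

class QuotaManager {
  // groupBy 'origin' charges each hostname separately; 'site' charges all
  // subdomains to their parent domain. totalCap bounds all storage combined.
  constructor({ perKeyQuota, groupBy, totalCap = Infinity }) {
    this.perKeyQuota = perKeyQuota;
    this.groupBy = groupBy;
    this.totalCap = totalCap;
    this.usage = new Map(); // accounting key -> bytes stored
    this.total = 0;         // bytes stored across all keys
  }

  // Returns true if the write is accepted, false if it would exceed a quota
  // (a browser would raise a quota error from setItem at this point).
  write(host, bytes) {
    const key = this.groupBy === 'site' ? siteOf(host) : host;
    const used = this.usage.get(key) || 0;
    if (used + bytes > this.perKeyQuota) return false;
    if (this.total + bytes > this.totalCap) return false;
    this.usage.set(key, used + bytes);
    this.total += bytes;
    return true;
  }
}

// Constructed workload: n subdomains of one domain each try to store `bytes`.
function simulate(manager, n, bytes) {
  for (let i = 1; i <= n; i++) manager.write(`${i}.example.test`, bytes);
  return manager.total;
}

const perOrigin = new QuotaManager({ perKeyQuota: 5 * MB, groupBy: 'origin' });
const perSite = new QuotaManager({ perKeyQuota: 5 * MB, groupBy: 'site' });
const capped = new QuotaManager({ perKeyQuota: 5 * MB, groupBy: 'origin', totalCap: 50 * MB });

console.log('per-origin quota only :', simulate(perOrigin, 200, 5 * MB) / MB, 'MB');
console.log('quota per parent site :', simulate(perSite, 200, 5 * MB) / MB, 'MB');
console.log('per-origin + total cap:', simulate(capped, 200, 5 * MB) / MB, 'MB');
```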