localStorage stores unlimited amount of data with unlimited subdomains, against spec - by JeffreyATW

Status : 

  Fixed<br /><br />
		This item has been fixed in the current or upcoming version of this product.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


ID 780246 Comments
Status Closed Workarounds
Type Bug Repros 14
Opened 2/28/2013 9:47:30 AM
Access Restriction Public

Description

The localStorage spec suggests:

"User agents should guard against sites storing data under the origins other affiliated sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit.

A mostly arbitrary limit of five megabytes per origin is recommended."

But IE does not follow the subdomain limit, meaning that a site with unlimited subdomains can claim an unlimited amount of disk space.
Sign in to post a comment.
Posted by Microsoft on 6/27/2013 at 12:49 PM
Thank you for your feedback.

We have released a new preview version of Internet Explorer which is included with Windows 8.1 available from the following location: http://windows.microsoft.com/en-us/windows-8/preview
During our testing we are no longer able to reproduce the issue using Internet Explorer 11 please verify you are still experiencing the reported problem in this new release. If the issue continues please reopen this connect feedback item and provide additional details that will help us continue our investigation.

Best regards,

The Internet Explorer Team
Posted by Microsoft on 2/28/2013 at 1:19 PM
Thank you for your feedback. We will be investigating this issue further.

Best regards,

The Internet Explorer Team
Posted by IECustomizer on 2/28/2013 at 12:21 PM
Excellent post.
Posted by Feross on 2/28/2013 at 10:46 AM
See http://filldisk.com for proof-of-concept code.