科技回声

The fact that there's a limit is not surprising. That the limit is 2GB is a little surprising, but this is across all sites, so ok. That there's no cache ejection when you reach the limit just seems like a bug. Why not use LRU?

It would be fun to execute this against a mobile device, where storage is expensive. 2GB might be all that is required to choke the device. A neat client-side DDoS :)

>As a user, I had no idea that the website I'm browsing is downloading a suspicious amount of data in the background.<p>not when you're browsing localhost, because it's implicitly trusted. chrome doesn't prompt you to allow access to the location services API when you're local either, but it does prompt for permission on the web. does the browser still not warn you if you try this same test using a remote server?

This is not an issue in either Opera or Firefox. The title should probably reflect that it's limited to Chrome (and possibly other Webkit browsers + IE?).

It would be fun to execute this against a mobile device, where storage is expensive. 2GB might be all that is required to choke the device. A neat client-side DDoS :)

This is not an issue in either Opera or Firefox. The title should probably reflect that it's limited to Chrome (and possibly other Webkit browsers + IE?).

How a web app can download and store over 2GB without you even knowing it

4 条评论

How a web app can download and store over 2GB without you even knowing it

4 条评论