HTML 5 Loophole: Get Ready for Mass Data Dumps on Your Computer


Home / HTML 5 Loophole: Get Ready for Mass Data Dumps on Your Computer

Thanks to HTML 5, your computer could soon become full of junk. Image by Tim Sheerman-Chase

A loophole in browser implementation of the new HTML 5 language used for coding means that websites can start dumping large amounts of data on your computer. Storing data on the computer is normal for all websites, even in the language’s predecessor HTML 4, but a loophole in the new code means that hard drives could soon become full of junk data that simply takes up space. Browsers have refused to comment, but the web developer who found the problem sheds some light on the subject for Decoded Science readers.

What Is HTML 5?

HTML is the coding language used to create websites. It also defines everything that a website can do, including storing data on computers through the use of Cookies. Different web browsers allow different amounts of data to be stored. Firefox will allow 5MB while Google Chrome only allows 2.5MB.

HTML has constantly been changing since its first development in the 1990s; HTML 4 has been the  the most up to date since 1997. While HTML 4 has been great, HTML 5 answers some of the shortfalls of the earlier code, including eliminating the requirement for a third-party application such as Adobe Flash to play music and watch videos..

Websites Store Data Through Cookies

All websites store data – HTML 4 used cookies to help to store data on your computer and track information about you, including your location, age, and the type of websites you visited. It allows websites to make the experience more personal by tailoring ads to suit the type of things you search for or which are in a location close to you. HTML 5 does the same but wants to store more data – 5MB worth. Not a big change from HTML 4, right?

However, a web developer and computer science student, Feross Aboukhadijeh stumbled across the loophole allows for more than that to be stored; and not necessarily useful information. When asked how he found it, he said, “I usually don’t spend my time actively looking for security bugs – I just frequently run into them while programming. In the case of the localStorage bug, I found it while working on a project that utilizes localStorage. I was curious if there was some way to store more than 2.5-10 MB using the API, and using multiple site “origins” by creating tons of subdomains was the first thing that came to mind.

This happens on PCs and Macs and in browsers Internet Explorer, Chrome, Safari, and Opera. The only web browser that is safe is Firefox, so until this loophole is fixed, it may be worth switching over. According to Mr. Aboukhadijeh, Microsoft Explorer is currently looking into the issue but Apple has not yet responded. Chrome developers have responded to their bug report, after 903 people commented, and are currently working to close the loophole.

Leave a Comment