34294 2010-01-28 17:17:59 -0800 Initialize DOM Storage's quota's current length parameter when we clone it. 2010-02-01 11:36:24 -0800 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) Other OS X 10.5 RESOLVED FIXED P2 Normal --- 1 jorlow webkit-unassigned abarth ddkilzer oldest_to_newest 185658 0 jorlow 2010-01-28 17:17:59 -0800 Initialize DOM Storage's quota's current length parameter when we clone it. 185659 1 47661 jorlow 2010-01-28 17:20:11 -0800 Created attachment 47661 Patch 185661 2 47661 abarth 2010-01-28 17:23:10 -0800 Comment on attachment 47661 Patch Ok.... I wish this had a test, but you said in IRC that you couldn't write one that actually worked. 185662 3 abarth 2010-01-28 17:25:40 -0800 Jeremy said this might be a security issue. Marking security sensitive to be safe. 185668 4 jorlow 2010-01-28 17:40:37 -0800 I've looked closer and now I'm pretty sure this is not a security issue. Background: LocalStorage has quotas and is shared by all tabs. SessionStorage does not have quotas and is a per-tab storage. When you create a new window, we clone the session storage. We store the amount of quota space currently used in m_currentLength and update it on any mutations. The current length is supposed to be copied when we clone the StorageMap but it was not. Cloning should only ever happen for SessionStorage which has no quota (because it never touches disk and there are much better ways to fill up your memory in the browser). In addition, it's a little far-fetched to think that a site could keep opening up more windows despite popup blockers, users noticing, etc. Thus I think this isn't actually a security issue. Sorry for jumping the gun! 185672 5 jorlow 2010-01-28 17:59:28 -0800 Landed in 54035. 186500 6 ddkilzer 2010-02-01 11:35:33 -0800 Removing the security bit per Comment #4. 47661 2010-01-28 17:20:11 -0800 2010-01-28 17:23:09 -0800 Patch bug-34294-20100128172009.patch text/plain 1014 jorlow SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1NDAzMCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTMgQEAKKzIwMTAtMDEtMjggIEplcmVteSBPcmxvdyAgPGpvcmxvd0BjaHJvbWl1 bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg SW5pdGlhbGl6ZSBET00gU3RvcmFnZSdzIHF1b3RhJ3MgY3VycmVudCBsZW5ndGggcGFyYW1ldGVy IHdoZW4gd2UgY2xvbmUgaXQuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0zNDI5NAorCisgICAgICAgICogc3RvcmFnZS9TdG9yYWdlTWFwLmNwcDoKKyAg ICAgICAgKFdlYkNvcmU6OlN0b3JhZ2VNYXA6OmNvcHkpOgorCiAyMDEwLTAxLTI4ICBOYXlhbiBL dW1hciBLICA8bmF5YW5ra0BnbWFpbC5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTGFzemxv IEdvbWJvcy4KSW5kZXg6IFdlYkNvcmUvc3RvcmFnZS9TdG9yYWdlTWFwLmNwcAo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBXZWJDb3JlL3N0b3JhZ2UvU3RvcmFnZU1hcC5jcHAJKHJldmlzaW9uIDU0MDI0KQorKysg V2ViQ29yZS9zdG9yYWdlL1N0b3JhZ2VNYXAuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00Nyw2ICs0 Nyw3IEBAIFBhc3NSZWZQdHI8U3RvcmFnZU1hcD4gU3RvcmFnZU1hcDo6Y29weSgKIHsKICAgICBS ZWZQdHI8U3RvcmFnZU1hcD4gbmV3TWFwID0gY3JlYXRlKG1fcXVvdGFTaXplKTsKICAgICBuZXdN YXAtPm1fbWFwID0gbV9tYXA7CisgICAgbmV3TWFwLT5tX2N1cnJlbnRMZW5ndGggPSBtX2N1cnJl bnRMZW5ndGg7CiAgICAgcmV0dXJuIG5ld01hcC5yZWxlYXNlKCk7CiB9CiAK