Initialize DOM Storage's quota's current length parameter when we clone it.
Created attachment 47661
Comment on attachment 47661
Ok.... I wish this had a test, but you said in IRC that you couldn't write one that actually worked.
Jeremy said this might be a security issue. Marking security sensitive to be safe.
I've looked closer and now I'm pretty sure this is not a security issue.
LocalStorage has quotas and is shared by all tabs. SessionStorage does not have quotas and is a per-tab storage. When you create a new window, we clone the session storage. We store the amount of quota space currently used in m_currentLength and update it on any mutations.
The current length is supposed to be copied when we clone the StorageMap, but it was not. Cloning should only ever happen for SessionStorage, which has no quota (because it never touches disk and there are much better ways to fill up your memory in the browser). In addition, it's a little far-fetched to think that a site could keep opening up more windows despite popup blockers, users noticing, etc.
Thus I think this isn't actually a security issue. Sorry for jumping the gun!
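The accounting drift described in the comment above, as an added toy model that is not WebKit's code and not part of the thread: `QuotaMap` and every method name are hypothetical, only `m_currentLength` is taken from the discussion. The model gives the map a quota so the effect of a clone that drops the counter is observable, and assumes the dropped counter starts at 0.

```cpp
#include <cstddef>
#include <map>
#include <string>

// Toy model; hypothetical names except m_currentLength (from the thread).
class QuotaMap {
public:
    explicit QuotaMap(std::size_t quota) : m_quota(quota) {}

    // Rejects a write that would push the tracked usage past the quota.
    bool setItem(const std::string& key, const std::string& value) {
        std::size_t newLength = m_currentLength + key.size() + value.size();
        auto it = m_map.find(key);
        if (it != m_map.end())
            newLength -= it->first.size() + it->second.size();
        if (newLength > m_quota)
            return false;
        m_map[key] = value;
        m_currentLength = newLength;
        return true;
    }

    // Clone that copies the entries but leaves the counter at its default (0).
    QuotaMap cloneWithoutLength() const {
        QuotaMap copy(m_quota);
        copy.m_map = m_map;
        return copy;
    }

    // Clone that also carries the usage counter across.
    QuotaMap cloneWithLength() const {
        QuotaMap copy = cloneWithoutLength();
        copy.m_currentLength = m_currentLength;
        return copy;
    }

    std::size_t trackedLength() const { return m_currentLength; }

    // Ground truth: recompute usage from the entries themselves.
    std::size_t actualLength() const {
        std::size_t total = 0;
        for (const auto& entry : m_map)
            total += entry.first.size() + entry.second.size();
        return total;
    }

private:
    std::map<std::string, std::string> m_map;
    std::size_t m_quota;
    std::size_t m_currentLength = 0;
};
```

Comparing `trackedLength()` with `actualLength()` after a clone is the invariant a regression test for this kind of bug would check.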
Landed in 54035.
Removing the security bit per Comment #4.