-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make "site storage quota" less susceptible to side-channel attacks #70
Labels
security/privacy
There are security or privacy implications
Comments
(I removed a suggested approach from OP as it would only address fingerprinting. I recommend reading the Firefox bug for now for more considered approaches.) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It's (somewhat encouraged to be) a global limit and as @tomvangoethem has pointed out, this can lead to cross-origin leaks (XSLeaks).
This relates to #31, but that focuses more on "site storage usage".
cc @whatwg/security
(Firefox: https://bugzilla.mozilla.org/show_bug.cgi?id=1552848.)
The text was updated successfully, but these errors were encountered: