On 4/19/2010 10:08 PM, Jeremy Orlow wrote:
> On Tue, Apr 13, 2010 at 3:09 AM, Mark Seaborn<mseaborn@chromium.org> wrote:
>
>> 2) It is too permissive because it enforces no limit on the amount of
>> space a web app can use: A web app from example.com can create an
>> unlimited number of puppet subdomains: aaa.example.com, bbb.example.com,
>> etc. It can use aaa.example.com's 5Mb allocation by loading a script
>> from aaa.example.com in an iframe and communicating with it using
>> postMessage().
>>
>
> As far as I'm aware, no one (including Chromium) has a solution to at the
> moment. Which probably should be a cause for concern. :-)
In the thread you linked to earlier, it was suggested that user agents
could also factor in the top level domain into the cap (e.g. example.com
only gets 50MB of space).
But really, I don't see how any of this is testable in a deterministic
matter, so I don't see the point in adding it to the spec.
Cheers,
Shawn