forked from electron/electron
dom_storage_limits.patch
103 lines (90 loc) · 4.96 KB
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Jacob Quant <jacobq@gmail.com>
Date: Thu, 31 Oct 2019 14:00:00 -0500
Subject: dom_storage_limits.patch
This patch circumvents the restriction on DOM storage objects,
namely `localStorage` and `sessionStorage`, which Chromium otherwise
limits to approximately 10MiB.
That restriction originates from a recommendation
[in the Web Storage API specification](https://html.spec.whatwg.org/multipage/webstorage.html#disk-space-2)
that is motivated by the concern that hostile code could abuse this
feature to exhaust available storage capacity.
However, in the case of Electron, where the application developers
have control over all of the code being executed,
this safety precaution becomes a hindrance that does not add much value.
For example, if a malicious developer wanted to consume disk space
on a victim's machine they could do so via Node's native file system API.
By disabling this restriction or increasing the quota,
Electron application developers can use `localStorage`
as their application's "back end", without having
to limit the amount of data stored to 10MiB.
There may still be some benefit to keeping this restriction for applications that load remote content.
Although all remote data should be from a trusted source and transferred using
a secure channel, it is nevertheless advisable to include additional layers of protection
to mitigate risks associated with potential compromise of those other technologies.
With that in mind, an acceptable alternative to disabling the limit at compile-time
(as this patch currently does) would be to instead allow it to be disabled at run-time
for a given `BrowserWindow` via a `webPreferences` option,
similar to [`nodeIntegration`](https://electronjs.org/docs/tutorial/security#2-disable-nodejs-integration-for-remote-content).
diff --git a/content/browser/dom_storage/dom_storage_types.h b/content/browser/dom_storage/dom_storage_types.h
index 6c0b831ebaaa..fcf2456debab 100644
--- a/content/browser/dom_storage/dom_storage_types.h
+++ b/content/browser/dom_storage/dom_storage_types.h
@@ -21,6 +21,7 @@ typedef std::map<base::string16, base::NullableString16> DOMStorageValuesMap;
// The quota for each storage area.
// This value is enforced in renderer processes and the browser process.
+// (Electron's dom_storage_limits.patch disables quota enforcement.)
const size_t kPerStorageAreaQuota = 10 * 1024 * 1024;
// In the browser process we allow some overage to
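Review bot: The parenthetical added above `kPerStorageAreaQuota` contradicts the unchanged line before it, which still reads "This value is enforced in renderer processes and the browser process", and the constant keeps its value of `10 * 1024 * 1024`. Reword the existing sentence rather than appending to it, and name the functions the patch compiles out (`StorageAreaImpl::Put`, `CachedStorageArea::SetItem`, `StorageAreaMap::SetItemInternal`) so a reader of this header can tell what the constant still governs.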
diff --git a/content/browser/dom_storage/storage_area_impl.cc b/content/browser/dom_storage/storage_area_impl.cc
index 4b48b5f16a3e..b9e83279d1fc 100644
--- a/content/browser/dom_storage/storage_area_impl.cc
+++ b/content/browser/dom_storage/storage_area_impl.cc
@@ -303,6 +303,8 @@ void StorageAreaImpl::Put(
// Only check quota if the size is increasing, this allows
// shrinking changes to pre-existing maps that are over budget.
+ // (Electron's dom_storage_limits.patch has disabled this.)
+ #if 0
if (new_item_size > old_item_size && new_storage_used > max_size_) {
if (map_state_ == MapState::LOADED_KEYS_ONLY) {
receivers_.ReportBadMessage(
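Review bot: The `#if 0` in `StorageAreaImpl::Put` compiles out the browser-process check, the one that calls `receivers_.ReportBadMessage(` and therefore does not rely on the renderer behaving. The commit message says the limit still has value for windows that load remote content and proposes a run-time `webPreferences` opt-out; this is the hunk where that matters most, so consider keeping the comparison and making `max_size_` configurable instead of removing it for every build. The "Only check quota" comment is also left outside the disabled block here but sits inside it in the `storage_area_map.cc` hunk; pick one placement.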
@@ -313,6 +315,7 @@ void StorageAreaImpl::Put(
}
return;
}
+ #endif
if (database_) {
CreateCommitBatchIfNeeded();
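Review bot: After this `#endif`, control in `Put` falls straight through to `if (database_) {` and `CreateCommitBatchIfNeeded();` for a write of any size, so nothing in the visible path bounds what is committed. Replacing the comparison with a much larger ceiling would lift the 10MiB limit while keeping a backstop against a runaway or compromised renderer. The directive should also be annotated, for example `#endif  // dom_storage_limits.patch`, because its `#if 0` sits in a separate hunk.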
diff --git a/third_party/blink/renderer/modules/storage/cached_storage_area.cc b/third_party/blink/renderer/modules/storage/cached_storage_area.cc
index d91fdc2a7d52..7cb3cbf34d3a 100644
--- a/third_party/blink/renderer/modules/storage/cached_storage_area.cc
+++ b/third_party/blink/renderer/modules/storage/cached_storage_area.cc
@@ -107,11 +107,14 @@ bool CachedStorageArea::SetItem(const String& key,
Source* source) {
DCHECK(areas_->Contains(source));
+ // (Electron's dom_storage_limits.patch has disabled this.)
+ #if 0
// A quick check to reject obviously overbudget items to avoid priming the
// cache.
if ((key.length() + value.length()) * 2 >
mojom::blink::StorageArea::kPerStorageAreaQuota)
return false;
+ #endif
EnsureLoaded();
String old_value;
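Review bot: The block disabled in `CachedStorageArea::SetItem` is documented as a quick reject "to avoid priming the cache", and with it compiled out an over-budget item now reaches `EnsureLoaded()` and the early `return false` is gone. The added comment should say that this removes the renderer-side failure signal and the cache protection, not only that "this" is disabled, and a reject against a raised bound would keep both behaviours for pathological sizes.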
diff --git a/third_party/blink/renderer/modules/storage/storage_area_map.cc b/third_party/blink/renderer/modules/storage/storage_area_map.cc
index 0da8a1e891ed..5a1811419030 100644
--- a/third_party/blink/renderer/modules/storage/storage_area_map.cc
+++ b/third_party/blink/renderer/modules/storage/storage_area_map.cc
@@ -113,10 +113,13 @@ bool StorageAreaMap::SetItemInternal(const String& key,
size_t new_quota_used = quota_used_ - old_item_size + new_item_size;
size_t new_memory_used = memory_used_ - old_item_memory + new_item_memory;
+ // (Electron's dom_storage_limits.patch has disabled this.)
+ #if 0
// Only check quota if the size is increasing, this allows
// shrinking changes to pre-existing files that are over budget.
if (check_quota && new_item_size > old_item_size && new_quota_used > quota_)
return false;
+ #endif
keys_values_.Set(key, value);
ResetKeyIterator();
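Review bot: Once the block in `StorageAreaMap::SetItemInternal` is compiled out, the `check_quota` argument is no longer read anywhere in the lines shown, and `quota_` is no longer compared against `new_quota_used`, so callers that pass `check_quota` as true are silently ignored. Either keep the `if` and set `quota_` to a large value, which preserves the parameter's meaning, or state in the comment that `check_quota` is intentionally inert so the next Chromium roll does not reintroduce a dependency on it.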