by iddan 1192 days ago
The OPFS is subject to browser quota restrictions.
3 comments

So any sufficiently motivated/funded malicious actor who can register a whole bundle of domains can use up 50% of the entire free space on my disk? Am I getting this right?

Is the only defense against this the requirement for per-origin permission to be granted?

That's been true for over a decade. Hasn't happened in the wild though AFAIK. I don't think there's an incentive for anyone to do this.

> The OPFS is subject to browser quota restrictions.

FWIW, 256 MB last I checked (summer 2022). Perhaps less on mobile browsers, but that's just speculation.

Which means nothing unless the defaults are restrictive.

What are the default browser quota restrictions on install?

OPFS doesn't really change this concern that much. IndexedDB already allows for relatively arbitrary blobs of data to be stored per site (subject to existing quotas).

IndexedDB should also be disabled by default. Adding more and more storage options instead of restricting the existing ones that are already being abused is madness.