iOS (and Android I think, but I primarily dev iOS so that's where my knowledge is) won't let a website exceed a 5MB local storage limit without explicit user consent...so I suppose still technically possible, but not without getting the user to agree to it first.
I wonder if you could still perform a DOS by doing the following:
- register 1000 domains
- when the browser navigates to the first domain, store 5Mb
- once the store has finished, redirect to the next domain
- repeat steps 2-3 ad infinitum
The documentation at http://dev.w3.org/html5/spec/offline.html#disk-space states that "care should be taken to ensure that the restrictions cannot be easily worked around using subdomains", so one would really have to use different domains as you write, which sounds a bit costly.
A malicious actor might write a wordpress worm to assemble a domain botnet and cross-link them all to each other such that visiting one stores 5 megs of nonsense from every site on a visitor's client.
You can store up to 50 mb in appcache (instead of localstorage) in mobile safari. You can also store 50 mb in the web sql storage, but i don't know if that shares the appcache storage or is counted separately. The 5 mb limit for localstorage is because that's what the spec recommends.