Simon Willison

Constantly persisting everything in a web form to localstorage in case of browser, tab accidents is such a cheap and effective trick!
mastodon.social/@timbornholdt/

12 comments
Simon Willison

I keep meaning to knock up a little bit of JavaScript for the Django Admin that does this automatically for every add form

Marijke Luttekes

@simon I am excited about such a feature and worry about privacy. A sessionStorage might be safer.

Simon Willison

@mahryekuh I don't think privacy should be a problem at all if the data goes in localStorage, which means it never persists to the server - unless you have users who are sharing a browser?

Marijke Luttekes

@simon I don't know the fine details, but it is (or was earlier this year) to access localStorage data from other domains:

trycatchdebug.net/news/1157081

Simon Willison

@mahryekuh it looks to me like that's only a problem if you have an XSS hole allowing attackers to execute malicious JavaScript, in which case localstorage leaks are the least of your problems!

Phil Johnston

@simon @mahryekuh localStorage can affect someone who is using a public computer, like at a library. The next person to use the machine will have their form data available.

Simon Willison

@johnstonphilip @mahryekuh I guess you could encrypt it with a public key in the JavaScript and have a private key server-side that is only available when the user is signed into their account

chebra

@simon @mahryekuh If you disable cookies, it will also disable localStorage. Because saving a tracking ID into localStorage is the same as saving a tracking cookie. They can track that you are the same guy who visited their website a week ago and forward that data to advertisers for aggregation. The number of websites that don't need localStorage, but throw errors when my localStorage is disabled, is damn too high! I simply leave when that happens on the landing page.

Sam Wilson

@simon We recently added that sort of feature to MediaWiki: mediawiki.org/wiki/Help:Edit_R (indexedDB rather than localStorage though, because it can store more).

Vít Skalický :fedora:

@simon don't browsers do some level of form persistence if you use plain HTML forms?
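
An added example, not part of the thread and not code from any participant: a sketch of form-draft persistence that applies the concerns raised above. It takes a Storage-like object so `sessionStorage` can be passed in, skips password, hidden and token-like fields, expires drafts, and clears them on submit. The function names, the field-name pattern and the 30-minute lifetime are assumptions.

```javascript
// Added example; saveDraft/loadDraft/clearDraft/attach are hypothetical names.
const SENSITIVE = /pass|token|secret|card|cvv/i; // assumed field-name heuristic
const MAX_AGE_MS = 30 * 60 * 1000;               // assumed 30-minute draft lifetime
const TEXT_TYPES = new Set(["text", "textarea", "email", "url", "search"]);

// storage: any object with getItem/setItem/removeItem (sessionStorage, localStorage)
function saveDraft(storage, key, fields, now = Date.now()) {
  const kept = {};
  for (const [name, value] of Object.entries(fields)) {
    if (!SENSITIVE.test(name)) kept[name] = value; // never write secrets to disk
  }
  storage.setItem(key, JSON.stringify({ savedAt: now, fields: kept }));
}

function loadDraft(storage, key, now = Date.now()) {
  const raw = storage.getItem(key);
  if (raw === null) return null;
  let draft;
  try { draft = JSON.parse(raw); } catch { draft = null; }
  const age = draft && typeof draft.savedAt === "number" ? now - draft.savedAt : -1;
  const valid = age >= 0 && age <= MAX_AGE_MS &&
    draft.fields !== null && typeof draft.fields === "object";
  if (!valid) { storage.removeItem(key); return null; } // expired or corrupt: purge
  return draft.fields;
}

function clearDraft(storage, key) { storage.removeItem(key); }

// Browser wiring: restore on load, save on input, purge on submit.
function attach(form, storage) {
  const key = "draft:" + location.pathname;
  const saved = loadDraft(storage, key) || {};
  for (const [name, value] of Object.entries(saved)) {
    const el = form.elements.namedItem(name);
    if (el && TEXT_TYPES.has(el.type)) el.value = value;
  }
  form.addEventListener("input", () => {
    const fields = {};
    for (const el of form.elements) {
      // type allow-list excludes password, hidden (CSRF tokens) and file inputs
      if (el.name && TEXT_TYPES.has(el.type)) fields[el.name] = el.value;
    }
    saveDraft(storage, key, fields);
  });
  form.addEventListener("submit", () => clearDraft(storage, key));
}
// In a page: attach(document.querySelector("form"), window.sessionStorage);
```

Passing `window.localStorage` instead keeps drafts across browser restarts, at the cost of leaving them on a shared machine until the expiry check runs.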
