@simon I am excited about such a feature and worry about privacy. A sessionStorage might be safer.
Top-level
@simon I am excited about such a feature and worry about privacy. A sessionStorage might be safer. 6 comments
@simon I don't know the fine details, but it is (or was earlier this year) to access localStorage data from other domains: https://trycatchdebug.net/news/1157081/accessing-localstorage-across-domains @mahryekuh it looks so me like that's only a problem if you have an XSS hole allowing attackers to execute malicious JavaScript, in which case localstorage leaks are the least of your problems! @simon @mahryekuh localStorage can affect someone who is using a public computer, like at a library. The next person to use the machine will have their form data available. @johnstonphilip @mahryekuh I guess you could encrypt it with a public key in the JavaScript and have a private key server-side that is only available when the user is signed into their account @simon @mahryekuh If you disable cookies, it will also disable localStorage. Because saving a tracking ID into localStorage is the same as saving a tracking cookie. They can track that you are the same guy who visited their website a week ago and forward that data to advertisers for aggregation. The number of websites that don't need localStorage, but throw errors when my localStorage is disabled, is damn too high! I simply leave when that happens on the landing page. |
@mahryekuh I donat think privacy should be a problem at all if the data goes in localStorage, which means it never persists to the server - unless you have users who are sharing a browser?