@simon I don't know the fine details, but it is (or was earlier this year) possible to access localStorage data from other domains:
https://trycatchdebug.net/news/1157081/accessing-localstorage-across-domains
@simon @mahryekuh localStorage can affect someone who is using a public computer, like at a library. The next person to use the machine will have their form data available.
@johnstonphilip @mahryekuh I guess you could encrypt it with a public key in the JavaScript and have a private key server-side that is only available when the user is signed into their account.
@mahryekuh it looks to me like that's only a problem if you have an XSS hole allowing attackers to execute malicious JavaScript, in which case localStorage leaks are the least of your problems!