Menu
What vulnerabilities do i face, when coding a web app utilising localStorage, of a user inadvertently or deliberately delete localStorage data?
I'm happy to put a button saying "Delete my data", this is under my control, but are there ways beyond my control that localStorage data may be deleted? Or not used (ie. Incognito mode/private browsing mode)?
Thanks
535
Open the Google Chrome Console by pressing F12 key. Select “Application” in the console's top menu. Select “Local Storage” in the console's left menu. Right click your site(s) and click clear to delete the local storage.
Storage clear() Method The clear() method removes all the Storage Object item for this domain. The clear() method belongs to the Storage Object, which can be either a localStorage object or a sessionStorrage object.
If you're familiar with the browsers localStorage object, you know that there's no provision for providing an expiry time. However, we can use Javascript to add a TTL (Time to live) to invalidate items in localStorage after a certain period of time elapses.
localStorage is similar to sessionStorage , except that while localStorage data has no expiration time, sessionStorage data gets cleared when the page session ends — that is, when the page is closed.
Anyone can call localStorage.clear() from the console or location bar at any time. It's possible for a bookmarklet to be used to do the same thing.
Treat localStorage with the same volatility you'd treat a cookie. Assume that it can disappear at any time. It's best used for user-settings and temporary data. If a user clears it, be prepared to use default fall-backs or start the process over.
114
localStorage is editable by the user , it's similar to the cookies .
User can delete / edit it if he wants , so you should make ur tests on server sides ...
here's an example of how angry birds got hacked ...
http://thenextweb.com/apps/2011/05/11/angry-birds-for-chrome-already-hacked-unlocking-all-levels/
var i = 0;
while (i<=69) {
localStorage.setItem('level_star_'+i,'3');
i++;
}
window.location.reload();
Here's what we found a user can do on iPhone IOS4 and iPad IOS4.
Kill Safari Double tap your "action button", press and hold the safari button that shows up on the bottom. When the circle with an x in the middle shows up, click the x.
Clear the Safari cache Settings | Safari | Clear cache
Start Safari back up
Bad news - all sites local storage is cleared, not just yours!
32
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
