I am learning HTML, JavaScript, etc., and decided to make a small web app on the Chrome Web Store as an educational project. The app stores a few bits of important data in localStorage (essentially small saved text files), and I was wondering if this implementation choice is too fragile. I know that the user will lose data if their hard drive dies or they manually delete it, but is the data in danger under normal circumstances? For example, does Chrome ever decide to clean out localStorage for maintenance reasons?
Thanks, Alex
Local storage wasn't designed to be used as a secure storage mechanism in a browser. It was designed to be a simple string-only key/value store that developers could use to build slightly more complex single page apps. That's it.
localStorage is similar to sessionStorage, except that while localStorage data has no expiration time, sessionStorage data gets cleared when the page session ends — that is, when the page is closed.
On the downside, localStorage is potentially vulnerable to cross-site scripting (XSS) attacks. If an attacker can inject malicious JavaScript into a webpage, they can steal an access token in localStorage. Also, unlike cookies, localStorage doesn't provide secure attributes that you can set to block attacks.
As local storage was never intended to be secure, there is no data protection and any JavaScript on the website can access it. Hackers can exploit the existing XSS vulnerability on the website, as in the following screenshot, when the user browses to https://set-localstorage.herokuapp.com/xss-injected-page.html.
By default, Chrome deletes everything - including local storage - when you select "Clear Browsing Data", which some users might do if they're told to do something like "empty your browser's cache" without realising the implications.
The HTML5 spec doesn't specify anything with regards to the safety of data, possibly because it's a very young draft. I'd play it on the safe side and store that data in the cloud as well - it's what your users expect.
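An added example (not part of the original answers): a small JavaScript audit that lists what any script on the origin, including one injected through XSS, can read from localStorage, and flags entries that look like credentials. The key-name and JWT-shape heuristics and the in-memory storage stand-in are assumptions made for the example; in a browser, pass window.localStorage to auditStorage instead.

```javascript
// Added example: audit what any script running on this origin could read
// from a Web Storage object (localStorage or sessionStorage).

// Heuristics (assumptions for this example; tune them for your app).
const SENSITIVE_KEY = /(token|secret|session|passw|auth|jwt|api[-_]?key)/i;
// Three dot-separated base64url segments whose header starts with "eyJ".
const JWT_SHAPE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

function auditStorage(storage) {
  const findings = [];
  // Storage exposes length, key(i) and getItem() with no per-item access
  // control, so this loop sees everything the page has stored.
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push("sensitive-looking key name");
    if (JWT_SHAPE.test(value)) reasons.push("value has JWT shape");
    // Report the length only, so the audit output never copies the secret.
    if (reasons.length) findings.push({ key, length: value.length, reasons });
  }
  return findings;
}

// Constructed in-memory stand-in for window.localStorage (runs under Node).
function makeMemoryStorage(initial) {
  const map = new Map(Object.entries(initial));
  return {
    get length() { return map.size; },
    key: (i) => [...map.keys()][i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// Constructed sample data (not real credentials).
const sample = makeMemoryStorage({
  "note-1": "shopping list: milk, eggs",
  "access_token": "eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.",
  "theme": "dark",
  "cache": "eyJhbGciOiJub25lIn0.eyJzdWIiOiJkZW1vIn0.c2ln",
});

for (const f of auditStorage(sample)) {
  console.log(`${f.key}: ${f.reasons.join(", ")} (${f.length} chars)`);
}
```

Anything the audit flags is better kept out of script-readable storage; plain user notes like the ones in the question are not flagged, but they are still cleared by "Clear Browsing Data".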