Slacker News Slacker News logo featuring a lazy sloth with a folded newspaper hat
  • top
  • new
  • show
  • ask
  • jobs
Library
← Back to context

Comment by ppseafield

6 years ago

I've found some places say localStorage is insecure, but both OWASP [0] and MDN [1] say it isolates by origin. Third party scripts from different origins shouldn't be able to access it, but a successful XSS attack could have access.

[0] https://cheatsheetseries.owasp.org/cheatsheets/Session_Manag...

[1] https://developer.mozilla.org/en-US/docs/Web/API/Web_Storage...

0 comments

ppseafield

Reply

No comments yet

Contribute on Hacker News ↗

Slacker News

Product

  • API Reference
  • Hacker News RSS
  • Source on GitHub

Community

  • Support Ukraine
  • Equal Justice Initiative
  • GiveWell Charities