
Comment by nottorp

7 days ago

Isn't this a security hole waiting to be exploited?

How does the browser handle access control to the local storage, especially offline when they aren't loaded from the same site?

[Yes, I really don't know. Yes, I'm asking. Not everyone is a web dev.]

From the post:

> As TabSub uses local store this only works on the same domain, as the browser separates the local storage by domains as security measure.

(More precisely, the separation is based on origin, which is roughly the combination of protocol, hostname, and port.)

The conclusion is this only works between tabs that have the same website open.

  • But it's offline, what's the website? Or offline doesn't mean offline?

    • I think in their case, offline is as in you don't need to set up a pubsub server and the client doesn't have to talk to a server for the specific pubsub functionality, not as in "use this for offline web pages/html files locally" (it may or may not work for that, I have no idea, didn't look).

      1 reply →

    • It means that you don't need an internet connection for this to work :) (so it is no RabbitMQ or so which runs on a server and the browser is just the client)

      You can try on the demopage when you

      1. play the songs each (for them to buffer a little audio snippet)

      2. open the page in a second tab

      3. Disconnect from the internet

      Still works :D

      3 replies →
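
The origin rule discussed in this thread (protocol, hostname, port), as an added example that is not part of any comment or of TabSub's code: it computes the key a browser partitions localStorage by and checks which pages would share a bucket with a given tab. All URLs are constructed sample values, and the function names are hypothetical.

```javascript
// Added example: models the origin key used to partition localStorage.
// Every URL below is a constructed sample value.

// Returns the serialized origin (scheme://host[:port]), or null when the
// origin is opaque.
function storageOrigin(urlString) {
  const origin = new URL(urlString).origin;
  // The URL API serializes opaque origins (file:, data:, ...) as "null".
  return origin === "null" ? null : origin;
}

// Two pages can pass messages through localStorage only if their origins
// match. Browser handling of file: pages is implementation-specific, so
// opaque origins are treated conservatively as never shared.
function sharesLocalStorage(a, b) {
  const oa = storageOrigin(a);
  const ob = storageOrigin(b);
  return oa !== null && oa === ob;
}

const tab = "https://app.example.com/player?song=1";
const candidates = [
  "https://app.example.com/other/page",   // same origin, different path
  "https://app.example.com:443/settings", // default port is normalized away
  "http://app.example.com/player",        // different protocol
  "https://cdn.example.com/player",       // different hostname
  "https://app.example.com:8443/player",  // different port
  "file:///home/user/player.html",        // opaque origin
];

// One row per candidate: would it share localStorage with `tab`?
function report() {
  return candidates.map((url) => ({ url, shared: sharesLocalStorage(tab, url) }));
}

for (const row of report()) {
  console.log(`${row.shared ? "shared  " : "isolated"}  ${row.url}`);
}
```

Only the first two candidates land in the same bucket as the tab; a different protocol, hostname or port each produces a separate origin.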