翻译强力驱动What vulnerabilities do i face, when coding a web app utilising localStorage, of a user inadvertently or deliberately delete localStorage data?
I'm happy to put a button saying "Delete my data", this is under my control, but are there ways beyond my control that localStorage data may be deleted? Or not used (ie. Incognito mode/private browsing mode)?
Thanks
localStorage is editable by the user , it's similar to the cookies .
User can delete / edit it if he wants , so you should make ur tests on server sides ...
here's an example of how angry birds got hacked ...
http://thenextweb.com/apps/2011/05/11/angry-birds-for-chrome-already-hacked-unlocking-all-levels/
var i = 0; while (i<=69) { localStorage.setItem('level_star_'+i,'3'); i++; } window.location.reload();Anyone can call localStorage.clear() from the console or location bar at any time. It's possible for a bookmarklet to be used to do the same thing.
Treat localStorage with the same volatility you'd treat a cookie. Assume that it can disappear at any time. It's best used for user-settings and temporary data. If a user clears it, be prepared to use default fall-backs or start the process over.
Here's what we found a user can do on iPhone IOS4 and iPad IOS4.
Kill Safari Double tap your "action button", press and hold the safari button that shows up on the bottom. When the circle with an x in the middle shows up, click the x.
Clear the Safari cache Settings | Safari | Clear cache
Start Safari back up
Bad news - all sites local storage is cleared, not just yours!