| "Please Stop Using Local Storage" is not helpful and will confuse people who are unfamiliar with browser storage. I'm guessing the author meant, "Please Stop Storing Application Data in the Browser Instead of a Server-Side Persistence Layer (DB)". Local Storage is a specific thing in the browser and is useful in specific cases. I found a good comparison of all browser storage options on Quora:
https://www.quora.com/What-is-the-difference-between-session... I believe all of the author's stated shortcomings of local storage apply to all browser storage options. * String Only * Synchronous * No Web Worker Support * Size Limits (smaller for cookies but all have limits) * Any JavaScript code on the page has access (don't include scripts you don't trust) Also, keep in mind... * There is no guarantee the browser will encrypt the content on disk. I believe chrome encrypts cookies, but I'm don't think others do. I don't believe local storage is encrypted at all. Session storage & session cookies should only be in memory. You shouldn't be storing PII in the browser anyway. * These storage options can't be accessed by other domains as they conform to the same origin policy, but this is an important caveat: The "origin" of the script is the page it is executed in, not where it comes from. So, if you include <script src="http://somehacker.com/superLib.js"></script> it will execute in your origin and can access everything. Protect your users by only including scripts you know are safe.
* https://stackoverflow.com/questions/12543978/same-origin-pol...
* https://developer.mozilla.org/en-US/docs/Web/Security/Same-o... In short, do some research and use the right tool for the right job. |