Y
Hacker News
new
|
ask
|
show
|
jobs
by
pheew
75 days ago
I’m all for replacing as much 3rd party libs with stdlib but it’s hard to look past the storing of the jwt in localStorage. Please don’t do that people. It’s very easily extracted through xss attacks.
1 comments
moi2388
75 days ago
A cookie is susceptible to both xss and CSRF. You ought to be protecting against xss anyway.
link