by szmarczak
6 days ago
> There's a reason "don't use local storage for security sensitive stuff" is part of the OWASP cheatsheet

Local storage was released more than 16 years ago, and back then PHP was way too popular. XSS is almost impossible to execute these days (unless you do self-XSS). Discord has mitigations for grabbing the token from local storage: https://news.ycombinator.com/item?id=48563286