Constantly persisting everything in a web form to localStorage in case of browser, tab accidents is such a cheap and effective trick!
-
Marijke Luttekes replied to Simon Willison
@simon I am excited about such a feature and worry about privacy. A sessionStorage might be safer.
-
@simon We recently added that sort of feature to MediaWiki: https://mediawiki.org/wiki/Help:Edit_Recovery (indexedDB rather than localStorage though, because it can store more).
-
@samwilson well this is fantastic! Thanks for the tip https://github.com/wikimedia/mediawiki/commit/404f3a205db30449cad532bd44411586ea56525b
-
Simon Willison replied to Marijke Luttekes
@mahryekuh I don't think privacy should be a problem at all if the data goes in localStorage, which means it never persists to the server - unless you have users who are sharing a browser?
-
Vít Skalický :fedora: replied to Simon Willison
@simon don't browsers do some level of form persistence if you use plain HTML forms?
-
Simon Willison replied to Vít Skalický :fedora:
@vitSkalicky not reliably in my experience
-
Marijke Luttekes replied to Simon Willison
@simon I don't know the fine details, but it is (or was earlier this year) possible to access localStorage data from other domains:
Possible Access to Browser LocalStorage from Another Domain: A Security Concern
In modern web applications, LocalStorage is a popular technique used to store client-side data. However, it raises a security concern when data can be accessed from another domain. This article discusses the implications and possible solutions to prevent unauthorized access to LocalStorage across domains using examples with JavaScript and domains acme.com and ssrunningacme2.com.
(trycatchdebug.net)
-
Simon Willison replied to Marijke Luttekes
@mahryekuh it looks to me like that's only a problem if you have an XSS hole allowing attackers to execute malicious JavaScript, in which case localStorage leaks are the least of your problems!
-
Phil Johnston replied to Simon Willison
@simon @mahryekuh localStorage can affect someone who is using a public computer, like at a library. The next person to use the machine will have their form data available.
-
Simon Willison replied to Phil Johnston
@johnstonphilip @mahryekuh I guess you could encrypt it with a public key in the JavaScript and have a private key server-side that is only available when the user is signed into their account
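
An added example, not code from anyone in this thread: one way to do the form-draft persistence discussed above while limiting what a later user of a shared browser could find. The function names, the 24-hour lifetime and the field-name heuristic are assumptions made for illustration; it does not implement the public-key idea from the last post.

```javascript
// Added example: draft persistence with limits suited to a shared browser.
// `storage` is any Web Storage object (localStorage or sessionStorage).
const SENSITIVE = /pass|card|cvv|ssn|token/i; // assumed field-name heuristic
const MAX_AGE_MS = 24 * 60 * 60 * 1000; // assumed 24-hour draft lifetime
const keyFor = (formId) => "draft:" + formId;

function saveDraft(storage, formId, fields, now = Date.now()) {
  const kept = {};
  for (const [name, value] of Object.entries(fields)) {
    // Skip secrets, empty values and non-strings (e.g. File objects).
    if (typeof value === "string" && value !== "" && !SENSITIVE.test(name)) kept[name] = value;
  }
  storage.setItem(keyFor(formId), JSON.stringify({ savedAt: now, fields: kept }));
  return kept;
}

function loadDraft(storage, formId, now = Date.now()) {
  const raw = storage.getItem(keyFor(formId));
  if (raw === null) return null;
  let draft = null;
  try { draft = JSON.parse(raw); } catch { /* corrupted entry, dropped below */ }
  const age = draft && typeof draft.savedAt === "number" ? now - draft.savedAt : NaN;
  const ok = age >= 0 && age <= MAX_AGE_MS && draft.fields !== null && typeof draft.fields === "object";
  if (!ok) { storage.removeItem(keyFor(formId)); return null; } // expire stale drafts
  return draft.fields;
}

function clearDraft(storage, formId) { storage.removeItem(keyFor(formId)); }

// Browser wiring: restore text values on load, save on input, clear on submit.
function attach(form, storage) {
  const saved = loadDraft(storage, form.id) || {};
  for (const [name, value] of Object.entries(saved)) {
    const el = form.elements.namedItem(name);
    if (el && typeof value === "string") el.value = value; // set as value, never as HTML
  }
  form.addEventListener("input", () =>
    saveDraft(storage, form.id, Object.fromEntries(new FormData(form))));
  form.addEventListener("submit", () => clearDraft(storage, form.id));
}

// Constructed in-memory stand-in for Web Storage, so the logic runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

Passing `sessionStorage` instead of `localStorage` to `attach` scopes the draft to the tab, which trades crash recovery across browser restarts for less data left behind.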