Constantly persisting everything in a web form to localStorage in case of browser, tab accidents is such a cheap and effective trick!
-
Marijke Luttekes replied to Simon Willison
@simon I am excited about such a feature and worry about privacy. A sessionStorage might be safer.
-
@simon We recently added that sort of feature to MediaWiki: https://mediawiki.org/wiki/Help:Edit_Recovery (indexedDB rather than localStorage though, because it can store more).
-
@samwilson well this is fantastic! Thanks for the tip https://github.com/wikimedia/mediawiki/commit/404f3a205db30449cad532bd44411586ea56525b
-
Simon Willison replied to Marijke Luttekes
@mahryekuh I don't think privacy should be a problem at all if the data goes in localStorage, which means it never persists to the server - unless you have users who are sharing a browser?
-
Vít Skalický :fedora: replied to Simon Willison
@simon don't browsers do some level of form persistence if you use plain HTML forms?
-
Simon Willison replied to Vít Skalický :fedora:
@vitSkalicky not reliably in my experience
-
Marijke Luttekes replied to Simon Willison
@simon I don't know the fine details, but it is (or was earlier this year) to access localStorage data from other domains:
https://trycatchdebug.net/news/1157081/accessing-localstorage-across-domains
-
Simon Willison replied to Marijke Luttekes
@mahryekuh it looks to me like that's only a problem if you have an XSS hole allowing attackers to execute malicious JavaScript, in which case localStorage leaks are the least of your problems!
-
Phil Johnston replied to Simon Willison
@simon @mahryekuh localStorage can affect someone who is using a public computer, like at a library. The next person to use the machine will have their form data available.
-
Simon Willison replied to Phil Johnston
@johnstonphilip @mahryekuh I guess you could encrypt it with a public key in the JavaScript and have a private key server-side that is only available when the user is signed into their account
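
The shared-browser exposure discussed in this thread can be narrowed without any encryption. The sketch below is an added example, not part of any post above and not MediaWiki's Edit Recovery code: a draft store that skips sensitive-looking fields, expires old drafts, and forgets the draft on submit. Every name in it, the 24-hour lifetime and the field-name pattern are assumptions.

```javascript
// Added example: every name here is hypothetical, not from the thread or MediaWiki.
const DRAFT_TTL_MS = 24 * 60 * 60 * 1000;      // assumed lifetime: 24 hours
const SENSITIVE = /pass|card|cvv|ssn|token/i;  // assumed field-name heuristic

// `storage` is any Web Storage object: sessionStorage (dies with the tab)
// or localStorage (survives restarts, and so outlives the user on a shared PC).
function createDraftStore(storage, key, now = () => Date.now()) {
  return {
    save(fields) {
      const kept = {};
      for (const [name, value] of Object.entries(fields)) {
        // Skip secrets and non-text values such as File objects.
        if (typeof value === "string" && !SENSITIVE.test(name)) kept[name] = value;
      }
      storage.setItem(key, JSON.stringify({ savedAt: now(), fields: kept }));
    },
    load() {
      const raw = storage.getItem(key);
      if (raw === null) return null;
      let draft = null;
      try { draft = JSON.parse(raw); } catch { /* corrupt entry, dropped below */ }
      const ok = draft !== null && typeof draft === "object" &&
        typeof draft.savedAt === "number" &&
        draft.fields !== null && typeof draft.fields === "object";
      if (!ok || now() - draft.savedAt > DRAFT_TTL_MS) {
        storage.removeItem(key);   // expired or malformed: delete, do not restore
        return null;
      }
      return draft.fields;
    },
    clear() { storage.removeItem(key); },
  };
}

// Browser wiring: save on every input event, forget the draft on submit.
function attachDraft(form, store) {
  form.addEventListener("input", () => store.save(Object.fromEntries(new FormData(form))));
  form.addEventListener("submit", () => store.clear());
  return store.load();   // caller writes these values back into the form
}

// In-memory stand-in for Web Storage so the logic can run outside a browser.
function memoryStorage() {
  const items = new Map();
  return {
    getItem: (k) => (items.has(k) ? items.get(k) : null),
    setItem: (k, v) => { items.set(k, String(v)); },
    removeItem: (k) => { items.delete(k); },
  };
}
```

In a page this would be called as `attachDraft(form, createDraftStore(window.sessionStorage, "draft:" + location.pathname))`; passing `window.localStorage` instead trades the shorter exposure window for recovery after a full browser crash.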