JavaScript - Avoid use of local storage on Client Scripts
Impact area
Security
Severity
High
Affected element
Client Script
Widget
Widget Angular Provider
UI Script
Rule number
SN-0149
Impact
Session storage and local storage are HTML5 features that allow developers to easily store megabytes of data client-side, as opposed to the 4 KB that cookies can accommodate. While useful for speeding up applications on the client side, storing sensitive information this way can be dangerous because the data is not encrypted by default and any script on the page may access it.
Remediation
Avoid use of local storage in all client-side code.
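To locate the code that needs remediation, the following added example (not the rule's own implementation) scans client-side script source for Web Storage references, ignoring commented-out code. The function names and sample scripts are constructed for illustration, and reporting `sessionStorage` alongside `localStorage` is an assumption based on the Impact text above.

```javascript
// Added example: flags Web Storage references in client-side script source.
// Not the rule's own implementation; sample scripts below are constructed.
const STORAGE_REF = /\b(localStorage|sessionStorage)\b/g;

// Blank out comments (keeping newlines so line numbers stay accurate)
// so that commented-out code is not reported.
function stripComments(src) {
  return src
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/(^|[^:'"`\\])\/\/[^\n]*/g, (m, p) => p + ' '.repeat(m.length - p.length));
}

// Returns one finding per storage reference, including bracket access
// such as window['localStorage'].
function findStorageUse(scriptName, source) {
  const findings = [];
  stripComments(source).split('\n').forEach((text, i) => {
    for (const m of text.matchAll(STORAGE_REF)) {
      findings.push({ script: scriptName, line: i + 1, api: m[1], code: text.trim() });
    }
  });
  return findings;
}

function scanAll(scripts) {
  return Object.entries(scripts).flatMap(([name, src]) => findStorageUse(name, src));
}

// Constructed samples for the element types this rule covers.
const samples = {
  'client script': [
    'function onLoad() {',
    '  // localStorage.clear();',
    "  localStorage.setItem('caller_email', g_form.getValue('email'));",
    '}',
  ].join('\n'),
  'widget client controller': [
    'api.controller = function($window) {',
    '  var c = this;',
    "  c.token = $window['sessionStorage'].getItem('token');",
    '};',
  ].join('\n'),
  'ui script': 'var cache = {}; /* held in memory only, no localStorage */',
};

for (const f of scanAll(samples)) {
  console.log(`${f.script}:${f.line} uses ${f.api}: ${f.code}`);
}
```

Because string literals are not stripped, a string that merely mentions one of the names is also reported and needs manual review.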
Time to fix
45 min
References
This rule is linked to Common Weakness Enumeration CWE-539, Information Exposure Through Persistent Cookies.