This page contains various code examples for the scenarios in the security cheat sheet on Secure data storage in the browser. The source code is available on GitHub.
Below, you can find links to the individual scenarios. You can also find links to malicious pages that attempt to steal data from the storage area. They abuse an XSS vulnerability in an error page running in the same origin as the scenario.
Scenario page | Pro | Con | Malicious page |
---|---|---|---|
Storing data in localStorage |
|
|
Open malicious page |
Storing data in sessionStorage |
|
|
Open malicious page |
Origin-isolated data storage |
|
|
Open malicious page |
Encrypted data storage with a server-provided key |
|
|
This scenario uses the same storage mechanism as Origin-isolated data storage |
Encrypted data storage with a user-provided password |
|
|
This scenario uses the same storage mechanism as Origin-isolated data storage |