March 20, 2011

HTML5 Full LocalStorage Stealth by XSS

HTML 5 has various features; one of them is LocalStorage. Before HTML 5, the browser saved small amounts of user content in a cookie (up to 8KB). HTML 5, however, allows more content to be saved in a storage area whose size is limited by the developer (up to 10MB).

Is the localStorage dangerous?
As with most answers to development questions: it depends.
If confidential information is stored in the localStorage then YES, otherwise not.
To illustrate, a "SessionID" should be considered confidential, since an attacker might use it to gain access to the application.

How to steal the localStorage?
An XSS attack can be used to steal the entire contents of the storage. I would like to share my sample script which steals all keys in the localStorage:

Can we protect the localStorage?
As mentioned above, confidential information can be stolen. It is therefore recommended to store confidential information in a cookie (since a cookie supports the "HttpOnly" flag). Of course, XSS prevention measures should also be taken.
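
As an added example (not code from the original post), the following JavaScript audits a Storage object for entries that look like session identifiers or tokens, so they can be moved out of localStorage and into an HttpOnly cookie. The name patterns, the value heuristics and the `fakeStorage` sample data are assumptions made for illustration.

```javascript
// Added example: audit a Storage-like object for values that look like secrets.
// The name patterns and value heuristics are assumptions; tune them per application.
const SENSITIVE_NAME = /(session|sess_?id|sid|token|auth|jwt|secret|passw)/i;
const JWT_SHAPE = /^[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}$/;
const LONG_OPAQUE = /^[A-Za-z0-9+\/_=-]{32,}$/;

function classify(key, value) {
  const reasons = [];
  if (SENSITIVE_NAME.test(key)) reasons.push("sensitive-name");
  if (JWT_SHAPE.test(value)) reasons.push("jwt-shaped-value");
  else if (LONG_OPAQUE.test(value)) reasons.push("long-opaque-value");
  // JSON blobs often hide a token one level down, so check top-level fields too.
  if (value.startsWith("{")) {
    try {
      const obj = JSON.parse(value);
      for (const [k, v] of Object.entries(obj)) {
        if (typeof v === "string" && (SENSITIVE_NAME.test(k) || JWT_SHAPE.test(v))) {
          reasons.push("nested:" + k);
        }
      }
    } catch (e) { /* not valid JSON, nothing more to inspect */ }
  }
  return reasons;
}

// Works with window.localStorage or any object exposing length, key(i), getItem(k).
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const reasons = classify(key, String(storage.getItem(key)));
    if (reasons.length > 0) findings.push({ key, reasons });
  }
  return findings;
}

// Constructed stand-in for window.localStorage (hypothetical helper, sample values only).
function fakeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] };
}

const sample = fakeStorage({
  theme: "dark",
  SessionID: "constructed-sample-value",
  profile: JSON.stringify({ name: "alice", authToken: "constructed-sample" }),
  cache: "x".repeat(40),
});
console.log(auditStorage(sample));
```

In a browser, call `auditStorage(window.localStorage)` from the developer console on your own application; every flagged key is a value an XSS payload on that origin could read.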
