Impact Area
Security
Severity
High
Affected Element
Client Script
Widget
Widget Angular Provider
UI Script
Rule number
SN-0161
Impact
Session storage and local storage are HTML5 features that let developers easily store megabytes of data client-side, compared with the roughly 4 KB a cookie can hold. While useful for speeding an application up on the client side, storing sensitive information this way is dangerous: the data is not encrypted by default, it persists in the browser profile (local storage survives the browser being closed), and any script running on the page, including third-party or injected scripts, can read it.
Remediation
Avoid use of local storage (and session storage) in all client-side code; keep sensitive data such as logins and session identifiers on the server side.
Time to fix
45 min
References
This rule is linked to Common Weakness Enumeration CWE-539: Information Exposure Through Persistent Cookies.
Code examples
Noncompliant code
localStorage.setItem("login", login); // Noncompliant
sessionStorage.setItem("sessionId", sessionId); // Noncompliant
Compliant code
//Store sensitive data on the server side only.
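As an added example that is not part of the rule page or of ServiceNow, the following audit helper flags entries in Web Storage that look like the noncompliant pattern above, and a guarded setter refuses to write them in the first place. The MemoryStorage class, the key/value patterns and the function names are assumptions standing in for the browser's localStorage and sessionStorage objects so the code runs outside a browser.

```javascript
// Added example (not from the SN-0161 rule page): audit Web Storage for
// sensitive-looking entries and guard setItem so they never get written.
// MemoryStorage is a constructed stand-in for window.localStorage /
// window.sessionStorage so the example runs under Node as well.

// Key names that suggest credentials or session material (assumed heuristic).
const SENSITIVE_KEY = /(session|token|secret|passw(or)?d|login|auth|credential|api[-_]?key)/i;
// Values shaped like a JWT: header.payload.signature in base64url (assumed heuristic).
const JWT_VALUE = /^[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]*$/;

// Minimal implementation of the Web Storage interface (length, key, getItem, ...).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Walk a Storage object through the standard length/key/getItem API and report
// entries that look like sensitive data. In a browser, call auditWebStorage(localStorage)
// and auditWebStorage(sessionStorage) from devtools or a test harness to catch SN-0161 violations.
function auditWebStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key);
    if (SENSITIVE_KEY.test(key)) findings.push({ key, reason: 'sensitive key name' });
    else if (JWT_VALUE.test(value)) findings.push({ key, reason: 'value looks like a JWT' });
  }
  return findings;
}

// Guarded replacement for storage.setItem: only non-sensitive UI state is accepted.
// Logins, session ids and tokens stay on the server side, as the remediation requires.
function safeSetItem(storage, key, value) {
  if (SENSITIVE_KEY.test(key) || JWT_VALUE.test(String(value))) {
    throw new Error(`refusing to store sensitive data in Web Storage: ${key}`);
  }
  storage.setItem(key, value);
}

// Constructed sample mirroring the noncompliant code on the rule page.
const demo = new MemoryStorage();
demo.setItem('login', 'jdoe');
demo.setItem('sessionId', 'a1b2c3d4e5f6');
demo.setItem('theme', 'dark');
console.log(auditWebStorage(demo)); // two findings: login and sessionId; theme passes
```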