Comments (8)
I agree
from cross-domain-local-storage.
Not sure I understand the "security implications" that you're talking about. Can you please describe a possible exploit?
The localStorage is saved on the client's machine. It's not accessible from other devices. The purpose of the "magic iframe" is to serve as a bridge between the two domains but only for the same client.
I think that I see what you're talking about. In case someone uses iframe X and then a malicious site uses this lib to read iframe X's localStorage. I guess it's fixable by limiting the onMessage to a known domain only. WDYT?
I'm pretty sure that's exactly what has been proposed before such as in #17 and #19.
Unfortunately #19 was never merged :/
As I can see. Why not?
There were missing tests and conflicts that were not fixed.
Sometimes it's a good idea to work together on a PR instead of just demanding the author to make all the changes you want.
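The fix suggested in the thread, limiting the iframe's message handler to known domains, sketched as an added example. It is not part of the thread and not the library's code; `createBridgeHandler`, the message shape, the origins and the in-memory stand-ins are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical names and constructed values, not the library's code.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

function createBridgeHandler(storage, allowedOrigins) {
  return function onMessage(event) {
    // event.origin is filled in by the browser, so the sender cannot forge it.
    // Compare the full string: prefix or substring tests would accept
    // look-alikes such as https://app.example.com.evil.test.
    if (!allowedOrigins.has(event.origin)) return 'rejected: origin';
    let req = null;
    try { req = JSON.parse(event.data); } catch { /* not JSON: drop */ }
    if (!req || typeof req.key !== 'string') return 'rejected: format';
    let value = null;
    if (req.action === 'get') value = storage.getItem(req.key);
    else if (req.action === 'set') storage.setItem(req.key, String(req.value));
    else return 'rejected: action';
    // Reply to the validated origin only, never with targetOrigin '*'.
    event.source.postMessage(JSON.stringify({ id: req.id, value }), event.origin);
    return 'handled';
  };
}

// In the iframe page this would be wired up as:
//   window.addEventListener('message', createBridgeHandler(localStorage, ALLOWED_ORIGINS));

// Constructed stand-ins so the example runs outside a browser.
function memoryStorage(initial) {
  const m = new Map(Object.entries(initial));
  return { getItem: k => (m.has(k) ? m.get(k) : null), setItem: (k, v) => { m.set(k, v); } };
}
function fakeEvent(origin, data, replies) {
  return { origin, data, source: { postMessage: (msg, target) => replies.push({ msg, target }) } };
}

function demo() {
  const onMessage = createBridgeHandler(memoryStorage({ session: 'abc123' }), ALLOWED_ORIGINS);
  const get = JSON.stringify({ id: 1, action: 'get', key: 'session' });
  const replies = [];
  const results = [
    onMessage(fakeEvent('https://app.example.com.evil.test', get, replies)), // look-alike origin
    onMessage(fakeEvent('https://app.example.com', 'not json', replies)),    // malformed payload
    onMessage(fakeEvent('https://app.example.com', get, replies)),           // allowed request
  ];
  return { results, replies };
}
```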