DEV Community


Discussion on: Please Stop Using Local Storage

rdegges profile image
Randall Degges Author


Untrusted input is one vector -- but XSS comes from a lot of places: third-party JS (google analytics, etc.) -- domain compromise, DNS hijacking -- all over. It's significantly harder to prevent.

This article really only discusses the content from a web perspective, if you're doing native mobile stuff it's a whole different story =D