DEV Community

Discussion on: Please Stop Using Local Storage

wwhurley profile image
William Hurley

Well, I find I'm rarely in a place where I'm too concerned about allowing untrusted mobile code into my application. Yes, you can end up with bad actors in things like NPM but an XSS attack is the least of my worries there. And elsewhere it's just a matter of sanitizing user input. Sadly there isn't a silver bullet. Which is why we can't have nice things.

Thread Thread
rdegges profile image
Randall Degges Author


Untrusted input is one vector -- but XSS comes from a lot of places: third-party JS (google analytics, etc.) -- domain compromise, DNS hijacking -- all over. It's significantly harder to prevent.

This article really only discusses the content from a web perspective, if you're doing native mobile stuff it's a whole different story =D