<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Yes, if you *really* need to persist sensitive data, sessionStorage
    is MUCH better than localStorage.<br>
    <br>
    From <a class="moz-txt-link-freetext" href="https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet">https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet</a> <br>
    <br>
    <meta charset="utf-8">
    <ul style="line-height: 1.5em; list-style-type: disc; margin: 0.3em
      0px 0px 1.6em; padding: 0px; list-style-image:
      url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAANAQMAAABb8jbLAAAABlBMVEX///8AUow5QSOjAAAAAXRSTlMAQObYZgAAABNJREFUCB1jYEABBQw/wLCAgQEAGpIDyT0IVcsAAAAASUVORK5CYII=);
      color: rgb(37, 37, 37); font-family: sans-serif; font-size: 14px;
      font-style: normal; font-variant: normal; font-weight: normal;
      letter-spacing: normal; orphans: auto; text-align: left;
      text-indent: 0px; text-transform: none; white-space: normal;
      widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;
      background-color: rgb(255, 255, 255);">
      <li style="margin-bottom: 0.1em;">Use the object sessionStorage
        instead of localStorage if persistent storage is not needed.
        sessionStorage object is available only to that window/tab until
        the window is closed</li>
    </ul>
    <p><br>
    </p>
    <br>
    <br>
    <div class="moz-cite-prefix">On 4/21/15 2:21 PM, Noreen Whysel
      wrote:<br>
    </div>
    <blockquote
      cite="mid:D9F4A40B-89A0-4F0F-93E3-C3AB9EA7AF3F@owasp.org"
      type="cite">
      <meta http-equiv="content-type" content="text/html;
        charset=windows-1252">
      <div>Anyone care to respond? Until I am a bit more up to speed on
        AppSec I think I will pass these on to the board list...</div>
      <div><br>
        <table style="border:1px solid black;padding:8px;">
          <tbody>
            <tr valign="bottom">
              <td width="48"><img moz-do-not-send="true"
src="https://pbs.twimg.com/profile_images/428524602201882624/pZkh1ErI_normal.jpeg"
                  style="width:48px;height:48px;padding-right:8px;"></td>
              <td><b>Ar0xA (<a moz-do-not-send="true"
                    href="https://twitter.com/ar0xa?refsrc=email&s=11">@Ar0xA</a>)</b></td>
            </tr>
            <tr>
              <td colspan="2">
                <div><a moz-do-not-send="true"
href="https://twitter.com/ar0xa/status/590391874411593728?refsrc=email&s=11">4/21/15,
                    1:49 AM</a></div>
                <div><a moz-do-not-send="true"
                    href="https://twitter.com/owasp">@owasp</a> any
                  arguments against/for sensitive data in html5
                  sessionStorage? w3c says "fine", but arent local
                  atacks an issue? anything else?</div>
              </td>
            </tr>
          </tbody>
        </table>
        <br>
        Download the official Twitter app <a moz-do-not-send="true"
          href="https://twitter.com/download?ref_src=MailTweet-iOS">here</a>
      </div>
      <div><br>
        <br>
        <span style="background-color: rgba(255, 255, 255, 0);">Noreen
          Whysel<br>
        </span><span style="background-color: rgba(255, 255, 255, 0);
          font-size: 13pt;">Community Manager</span>
        <div><span style="background-color: rgba(255, 255, 255, 0);">OWASP
            Foundation</span></div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Owasp-board mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Owasp-board@lists.owasp.org">Owasp-board@lists.owasp.org</a>
<a class="moz-txt-link-freetext" href="https://lists.owasp.org/mailman/listinfo/owasp-board">https://lists.owasp.org/mailman/listinfo/owasp-board</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>