Sensitive data stored in HTML local storage detected.

  • Rule ID: javascript_lang_session
  • Languages: javascript
  • Source: session.yml


Sensitive data should not be stored in a localStorage session. This policy looks for any sensitive data stored within localStorage.


It's best to avoid storing sensitive data in localStorage whenever possible. To keep session data safe, use a server-based session storage solution instead.

❌ If you do need to store data in localStorage, avoid including sensitive data:

localStorage.setItem('user', email)

✅ Instead, use a unique identifier:

localStorage.setItem('user', user.uuid)
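A runtime complement to this rule, as an added example that is not Bearer's own code: it audits what is already in a Storage object and refuses new writes that look sensitive. The patterns, the function names and the `MemoryStorage` stand-in for `window.localStorage` are assumptions made for illustration.

```javascript
// Added example: value patterns treated as sensitive. These are assumptions for
// illustration; the rule's own detection logic is not shown on this page.
const SENSITIVE_PATTERNS = [
  { name: 'email', re: /[^\s@"']+@[^\s@"']+\.[^\s@"']+/ },
  { name: 'jwt', re: /\beyJ[\w-]+\.[\w-]+\.[\w-]+/ },
];

// Return the name of the first pattern a value matches, or null.
function classify(value) {
  const hit = SENSITIVE_PATTERNS.find((p) => p.re.test(String(value)));
  return hit ? hit.name : null;
}

// Audit any object implementing the Web Storage API (length, key, getItem).
function findSensitiveEntries(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const kind = classify(storage.getItem(key));
    if (kind) findings.push({ key, kind });
  }
  return findings;
}

// Write through to storage only when the value does not look sensitive.
function guardedSetItem(storage, key, value) {
  const kind = classify(value);
  if (kind) throw new Error(`refusing to store ${kind} under "${key}"`);
  storage.setItem(key, String(value));
}

// Minimal in-memory stand-in for window.localStorage so this runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
}

// Constructed sample data: a leftover email is flagged, then replaced by an opaque id.
function demo() {
  const storage = new MemoryStorage();
  storage.setItem('user', 'alice@example.com');
  storage.setItem('theme', 'dark');
  const before = findSensitiveEntries(storage);
  guardedSetItem(storage, 'user', '3f2b8c1e-9d4a-4e6f-8a17-5c0d2e7b9a41');
  return { before, after: findSensitiveEntries(storage) };
}
```

In a browser, pass `window.localStorage` instead of `MemoryStorage`; a clean audit only means nothing matched these patterns, not that the stored data is safe.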


Associated CWE

OWASP Top 10
