Sensitive data stored in HTML local storage detected.

  • Rule ID: javascript_lang_session
  • Languages: javascript
  • Source: session.yml

Description

Sensitive data should not be persisted in localStorage. localStorage is readable by any script running on the same origin, survives browser restarts, and is not cleared when the user logs out. This policy looks for sensitive data (personal information, credentials, tokens) being written to localStorage.

Remediations

It's best to avoid storing sensitive data in localStorage whenever possible. To keep session data safe, use a server-based session storage solution instead.

❌ If you do need to store data in localStorage, avoid including sensitive data:

localStorage.setItem('user', email)

✅ Instead, use a unique identifier:

localStorage.setItem('user', user.uuid)
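The following is an added example, not Bearer's own rule or code, showing the insecure and the remediated write side by side together with a small audit helper that flags localStorage entries whose key name or value looks sensitive. Node has no `window.localStorage`, so the example constructs an in-memory stand-in with the same `setItem`/`getItem`/`key`/`length` API; the `MemoryStorage` class, the sample `user` object and the heuristics in `auditStorage` are all assumptions made for this illustration.

```javascript
// Added example (not part of the Bearer rule page).
// Minimal constructed stand-in for the browser Storage API so the example
// runs in Node; in a browser, pass the real `localStorage` instead.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  setItem(key, value) { this.map.set(String(key), String(value)); }
  getItem(key) { return this.map.has(key) ? this.map.get(key) : null; }
  removeItem(key) { this.map.delete(key); }
  key(index) { return Array.from(this.map.keys())[index] ?? null; }
  get length() { return this.map.size; }
}

// Constructed sample user. The uuid is an opaque server-issued identifier;
// the email and token are sensitive and must not be persisted client-side.
const user = {
  uuid: '2f1c0e2a-7b2d-4c8e-9a4d-0d8f1a3b5c6e',
  email: 'alice@example.com',
  authToken: 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJl', // fake JWT
};

// ❌ Insecure: persists personal data and a credential where any script on
// the origin can read them, and where they outlive the session.
function storeUserInsecure(store, u) {
  store.setItem('user', u.email);
  store.setItem('token', u.authToken);
}

// ✅ Remediated: persist only the opaque identifier. The server-side session
// keeps everything else and can be revoked without touching the client.
function storeUserSafe(store, u) {
  store.setItem('user', u.uuid);
}

// Heuristic audit of what is currently in storage. Flags entries whose key
// name suggests a secret, or whose value looks like an email or a JWT.
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
const JWT_RE = /^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;
const SENSITIVE_KEY_WORDS = ['password', 'token', 'secret', 'ssn', 'email'];

function auditStorage(store) {
  const findings = [];
  for (let i = 0; i < store.length; i++) {
    const key = store.key(i);
    const value = store.getItem(key);
    const lowered = key.toLowerCase();
    if (SENSITIVE_KEY_WORDS.some((w) => lowered.includes(w))) {
      findings.push({ key, reason: 'sensitive key name' });
    } else if (EMAIL_RE.test(value)) {
      findings.push({ key, reason: 'email-like value' });
    } else if (JWT_RE.test(value)) {
      findings.push({ key, reason: 'JWT-like value' });
    }
  }
  return findings;
}

// Runs both variants against fresh stores and returns the audit results.
function demo() {
  const insecure = new MemoryStorage();
  storeUserInsecure(insecure, user);
  const safe = new MemoryStorage();
  storeUserSafe(safe, user);
  return { insecure: auditStorage(insecure), safe: auditStorage(safe) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit is a quick sanity check to run in a browser console or a test, not a substitute for the static rule: it only sees what has already been written, and the regular expressions are deliberately simple. The structural fix is the one the remediation describes: keep the sensitive values on the server and hand the client an identifier it cannot do anything with on its own.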

Resources

Associated CWE

OWASP Top 10
