Shubham Mogarkar
03/22/2024, 10:12 AM
uli
03/22/2024, 11:47 AM
If you use localStorage for persisting access tokens and an attacker manages to run foreign JavaScript code within your application, the attacker can exfiltrate any tokens and call APIs directly. Moreover, XSS also allows attackers to manipulate data in the local storage of the application, meaning attackers can change the token.
https://thenewstack.io/best-practices-for-storing-access-tokens-in-the-browser/
russhwolf
03/23/2024, 5:27 PM
uli
03/24/2024, 12:49 PM