Is it possible for an included script that is hosted on a different domain to access the local storage of the current domain? This still remains unclear to me after reading https://developer.mozilla.org/de/docs/Web/API/Window/localStorage
For example:
mydomain.com includes <script src="https://www.youtube.com/iframe_api" async></script>. Can this included script access the local storage of mydomain.com?
Scripts you include in your page using <script> can definitely access local storage; they are running in the same origin as your other scripts. This is also the reason behind advisories not to store authentication tokens inside local storage, because a script injected through an XSS attack can read and write to the local storage.
This is, however, different for an <iframe>, since it has its own origin.
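The following is an added example, not part of the original question or answer: a simplified model, runnable in Node.js, of the scoping the answer describes, where storage is keyed by the origin of the document and not by the URL a script was loaded from. The names `BrowsingContext`, `storageFor` and `demo`, the token value, and the paths `app.js`, `embed/placeholder` and `player.js` are constructed for illustration.

```javascript
// Simplified model of how a browser scopes localStorage (constructed for illustration).
// Storage is keyed by the origin of the *document*, never by the URL a script came from.
const storageByOrigin = new Map();

function storageFor(documentUrl) {
  const origin = new URL(documentUrl).origin; // scheme + host + port
  if (!storageByOrigin.has(origin)) storageByOrigin.set(origin, new Map());
  const store = storageByOrigin.get(origin);
  return {
    getItem: (k) => (store.has(k) ? store.get(k) : null),
    setItem: (k, v) => { store.set(k, String(v)); },
  };
}

class BrowsingContext {
  constructor(documentUrl) {
    this.documentUrl = documentUrl;
    this.localStorage = storageFor(documentUrl);
  }
  // <script src=...>: the code runs inside this document, so scriptSrc
  // has no effect on which storage it sees.
  runScript(scriptSrc, code) {
    return code({ localStorage: this.localStorage, loadedFrom: scriptSrc });
  }
  // <iframe src=...>: a separate document with its own origin and storage.
  createIframe(frameUrl) {
    return new BrowsingContext(frameUrl);
  }
}

function demo() {
  const page = new BrowsingContext("https://mydomain.com/index.html");
  // First-party code stores a token (constructed sample value).
  page.runScript("https://mydomain.com/app.js", (w) =>
    w.localStorage.setItem("auth_token", "constructed-sample-token"));

  const readToken = (w) => w.localStorage.getItem("auth_token");
  // Third-party script included with <script>: runs in mydomain.com's origin.
  const viaScriptTag = page.runScript("https://www.youtube.com/iframe_api", readToken);
  // The same third party loaded as an <iframe>: runs in its own origin.
  const frame = page.createIframe("https://www.youtube.com/embed/placeholder");
  const viaIframe = frame.runScript("https://www.youtube.com/player.js", readToken);
  return { viaScriptTag, viaIframe };
}

console.log(demo());
```

In this model the included script reads the token while the cross-origin frame gets `null`, which is why a token kept in local storage is exposed to every script the page includes.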