[tbb-dev] window.localStorage and .sessionStorage deliberately broken for file:// URLs?
dev942 at sigaint.org
dev942 at sigaint.org
Sat Feb 20 09:17:31 UTC 2016
I'm working on an application that's distributed as a single HTML file
containing JavaScript, intended to be saved locally. The JavaScript then
makes various XMLHttpRequests to the network, to provide security
properties that a normal web application can't. That's kind of hacky (vs.
doing it as a browser extension or whatever), but I was hoping that would
make it easy to install in hardened, mostly-read-only OS installations.
That works in stock Firefox. It doesn't work in Tor Browser, because
window.localStorage (and .sessionStorage) fail for file:// URLs.
Is that deliberate? They work for http:// and https:// URLs, so it doesn't
seem like a security decision.
Thanks.
More information about the tbb-dev
mailing list