Simon Ferndriger

Reputation: 4962

Can an included script hosted on a different domain access localStorage from the current domain?

Is it possible for an included script that is hosted on a different domain to access the local storage of the current domain? This still remains unclear to me after reading https://developer.mozilla.org/de/docs/Web/API/Window/localStorage

For example: mydomain.com includes <script src="https://www.youtube.com/iframe_api" async></script>. Can this included script access the localStorage of mydomain.com?

Upvotes: 3

Views: 249

Answers (1)

ptvty

Reputation: 5664

Scripts you include in your page using <script> can definitely access local storage; they run in the same origin as your other scripts. This is also the reason behind advisories not to store authentication tokens in local storage, because a script injected through an XSS attack can read and write local storage.

This is, however, different for an <iframe>, since it has its own origin.

Upvotes: 2
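The rule in the answer above, as an added example that is not part of the original post: a small Node.js audit that lists which third-party hosts get access to a page's localStorage. The sample HTML, the cdn.example.net host, the VIDEO_ID placeholder and the function names are constructed for illustration; the tag scan is a simple regex and assumes plain iframes (no sandbox or srcdoc attributes).

```javascript
// Added example: classify embedded resources by the origin their code runs in.
// Constructed sample page; hosts other than the question's are illustrative.
const PAGE_URL = "https://mydomain.com/index.html";
const SAMPLE_HTML = `
<script src="https://www.youtube.com/iframe_api" async></script>
<script src="/js/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<iframe src="https://www.youtube.com/embed/VIDEO_ID"></iframe>
<iframe src="/help.html"></iframe>
`;

// For each <script src> and <iframe src>: where it is loaded from and
// which origin's localStorage the loaded code ends up using.
function storageAccess(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const tagRe = /<(script|iframe)\b[^>]*?\ssrc\s*=\s*["']([^"']+)["']/gi;
  const results = [];
  for (const [, tag, src] of html.matchAll(tagRe)) {
    const kind = tag.toLowerCase();
    // Resolve relative and protocol-relative URLs against the page URL.
    const loadedFrom = new URL(src, pageUrl).origin;
    // A script executes in the including document's origin, whatever its src.
    // An iframe document runs in the origin of its own URL.
    const runsAs = kind === "script" ? pageOrigin : loadedFrom;
    results.push({
      kind, loadedFrom, runsAs,
      readsPageStorage: runsAs === pageOrigin,
      thirdParty: loadedFrom !== pageOrigin,
    });
  }
  return results;
}

// Third-party hosts whose code can read and write the page's localStorage.
function thirdPartyWithStorageAccess(html, pageUrl) {
  const hits = storageAccess(html, pageUrl)
    .filter((r) => r.thirdParty && r.readsPageStorage)
    .map((r) => r.loadedFrom);
  return [...new Set(hits)];
}

console.log(thirdPartyWithStorageAccess(SAMPLE_HTML, PAGE_URL));
```

Every host this reports is trusted with whatever the page keeps in localStorage; the YouTube iframe does not appear because its document uses the storage of its own origin.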
