Is localStorage a security risk?

Is LocalStorage secure?

In summary, LocalStorage is a good and secure way to store publicly accessible, non-sensitive data that can be converted to a string, is less than 5 MB in size, should not be accessible by workers, and is not accessed often. Otherwise, other options should be considered.

What are the risks of local storage?

If a site is vulnerable to XSS, LocalStorage is not safe Local storage shares many of the same characteristics as a cookie, including the same security risks. One of those is susceptibility to cross-site scripting, which steals cookies to let hackers masquerade as a user with their login session for a site.

Can LocalStorage be hacked?

Local storage is bound to the domain, so in regular case the user cannot change it on any other domain or on localhost. It is also bound per user/browser, i.e. no third party has access to ones local storage. Nevertheless local storage is in the end a file on the user's file system and may be hacked.

Is LocalStorage more secure than cookies?

Although cookies still have some vulnerabilities, it's preferable compared to localStorage whenever possible. Why? Both localStorage and cookies are vulnerable to XSS attacks, but it's harder for the attacker to do the attack when you're using httpOnly cookies.