Security Concerns

Shared localStorage

If you host multiple applications on the same domain, or use a domain which is controlled by someone else (for example, WordPress), the localStorage will be shared across all of these applications.

This can be a useful way for multiple applications to communicate with one another, but it can also present a security issue if you place sensitive data in localStorage or take actions based on its values.

Keep this in mind when developing applications on shared hosting.

Note that ethers.space does not have this issue, since every application is hosted on its own domain name (e.g. myapp.ethers.space).
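
As an added example (not code from the ethers project), the sketch below treats anything read from shared localStorage as untrusted input: settings are validated field by field, and a value written by another application on the same domain falls back to a safe default instead of being acted on. `MemoryStorage`, the `myapp:settings` key, the settings fields and the network allowlist are assumptions made for illustration.

```javascript
// MemoryStorage is a constructed stand-in for window.localStorage so this runs
// outside a browser; in a page, pass window.localStorage to the functions below.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
}

// Assumed app-specific allowlist and defaults (illustrative values).
const ALLOWED_NETWORKS = ["homestead", "ropsten"];
const ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;
const DEFAULTS = Object.freeze({ network: "homestead", watchAddress: null });

// Read this app's settings and validate every field. The key prefix only avoids
// accidental collisions; any app on the domain can still write to the key.
function loadSettings(storage, appName) {
  const raw = storage.getItem(appName + ":settings");
  if (raw === null) { return { ...DEFAULTS }; }
  let parsed;
  try { parsed = JSON.parse(raw); } catch (error) { return { ...DEFAULTS }; }
  if (parsed === null || typeof parsed !== "object") { return { ...DEFAULTS }; }

  const settings = { ...DEFAULTS };
  if (ALLOWED_NETWORKS.includes(parsed.network)) { settings.network = parsed.network; }
  if (typeof parsed.watchAddress === "string" && ADDRESS_RE.test(parsed.watchAddress)) {
    settings.watchAddress = parsed.watchAddress;
  }
  return settings;
}

// Store only non-sensitive preferences; nothing secret is written here.
function saveSettings(storage, appName, settings) {
  storage.setItem(appName + ":settings", JSON.stringify(settings));
}

// Constructed scenario: two applications served from the same domain.
const shared = new MemoryStorage();
saveSettings(shared, "myapp", { network: "ropsten", watchAddress: "0x" + "ab".repeat(20) });
const own = loadSettings(shared, "myapp");

// Another application on the domain overwrites the same key with other values.
shared.setItem("myapp:settings", JSON.stringify({ network: "unknown-net", watchAddress: "not-an-address" }));
const tampered = loadSettings(shared, "myapp");
console.log(own, tampered);
```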

Cross-Site Scripting (XSS)

@TODO: Explain cross-site scripting, sanitizing user input and ideally not setting innerHTML.

Cross-Site Request Forgery (CSRF)

@TODO: Explain cross-site request forgery, including session keys in URLs and verifying them.