Javascript Http Response In Local Storage
Description
Detects when HTTP response data is stored in the browser's localStorage, an insecure client-side storage mechanism. localStorage has no access control beyond the same-origin policy: any JavaScript running in the origin, including an injected XSS payload or a third-party script, can read every entry with a single call, and entries persist on disk until explicitly removed rather than ending with the session. Sensitive response data written there (tokens, profile data, API results) is therefore exposed to far more code, and for far longer, than the application intended.
Detection Strategy
• Identifies assignments or writes to localStorage in JavaScript code
• Checks if the data being stored comes from HTTP response data
• Reports a vulnerability when HTTP response content is stored directly in localStorage without encryption (note that encrypting on the client with a key the same origin can reach does not remove the exposure; the fix is to keep sensitive values out of localStorage)
• Focuses on localStorage.setItem() calls and direct assignments to localStorage properties
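The detection strategy above, as an added example that is not Fluid Attacks' own analyzer: a small line-based taint checker in JavaScript that finds the two sink shapes named in the list (localStorage.setItem() calls and assignments to localStorage properties) and reports a write when the stored expression reads an XMLHttpRequest or fetch() response directly, or through a variable that was assigned from one. The three source samples it scans are constructed for this example. The checker is deliberately conservative: it has no notion of sanitisation, so it would also report the validated field persisted by the secure example further down, leaving it to review to confirm that what is stored is not sensitive.

```javascript
// Added example (not Fluid Attacks' own scanner): a line-based taint checker
// that flags localStorage writes whose value derives from an HTTP response.
// It mirrors the detection strategy: find the sinks (setItem calls and
// property assignments), then ask whether the stored expression is tainted.

// Expressions that introduce HTTP response data (taint sources).
const RESPONSE_SOURCES = [
  /\.responseText\b/, /\.responseXML\b/, /\.response\b/, // XMLHttpRequest
  /\bfetch\s*\(/, /\.json\s*\(\s*\)/, /\.text\s*\(\s*\)/, // fetch() / Response
];

// True when `expr` reads a response source directly or references a variable
// already known to hold response-derived data. String literals are blanked
// first so a key such as "data" is not mistaken for the identifier `data`.
function isTainted(expr, tainted) {
  if (RESPONSE_SOURCES.some((re) => re.test(expr))) return true;
  const code = expr.replace(/"[^"]*"|'[^']*'|`[^`]*`/g, '""');
  const ids = code.match(/[A-Za-z_$][\w$]*/g) || [];
  return ids.some((id) => tainted.has(id));
}

// Scans JavaScript source and returns one finding per tainted localStorage write.
function scanSource(src) {
  const findings = [];
  const tainted = new Set(); // variable names currently holding response data
  src.split("\n").forEach((raw, idx) => {
    const line = raw.trim();
    // Propagate taint through simple assignments: const x = <expr>; or x = <expr>;
    const assign = line.match(/^(?:(?:const|let|var)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+?);?$/);
    if (assign) {
      const [, name, rhs] = assign;
      if (isTainted(rhs, tainted)) tainted.add(name); else tainted.delete(name);
    }
    // Sink 1: localStorage.setItem(key, value)
    const call = line.match(/localStorage\.setItem\s*\(\s*[^,]+,\s*(.+)\)\s*;?$/);
    if (call && isTainted(call[1], tainted)) {
      findings.push({ line: idx + 1, sink: "setItem", value: call[1] });
    }
    // Sink 2: localStorage.prop = value  or  localStorage["prop"] = value
    const prop = line.match(/^localStorage\s*(?:\.[\w$]+|\[[^\]]+\])\s*=(?!=)\s*(.+?);?$/);
    if (prop && isTainted(prop[1], tainted)) {
      findings.push({ line: idx + 1, sink: "property", value: prop[1] });
    }
  });
  return findings;
}

// Constructed sample: the XHR pattern from this page, raw body straight into localStorage.
const XHR_SAMPLE = `
const client = new XMLHttpRequest();
client.open("GET", "https://example.com/api", true);
client.send();
client.onload = function () {
  if (this.status === 200) {
    localStorage.setItem("response", this.responseText);
  }
};`.trim();

// Constructed sample: a fetch() response propagated through two variables.
const FETCH_SAMPLE = `
async function login(creds) {
  const res = await fetch("/api/login", { method: "POST", body: JSON.stringify(creds) });
  const data = await res.json();
  localStorage.setItem("token", data.token);
  localStorage.profile = JSON.stringify(data.profile);
}`.trim();

// Constructed sample: the token stays in memory; only a UI preference is persisted.
const SAFE_SAMPLE = `
let accessToken = null;
async function login(creds) {
  const res = await fetch("/api/login", { method: "POST", body: JSON.stringify(creds) });
  const data = await res.json();
  accessToken = data.token;
  localStorage.setItem("theme", "dark");
}`.trim();

for (const [name, src] of [["xhr", XHR_SAMPLE], ["fetch", FETCH_SAMPLE], ["safe", SAFE_SAMPLE]]) {
  for (const f of scanSource(src)) {
    console.log(`${name}: line ${f.line} (${f.sink}) stores response-derived value ${f.value}`);
  }
}
```

Run with node; the XHR sample yields one finding, the fetch sample two (the setItem call and the property assignment, both fed by `data`), and the safe sample none. Because the source patterns are regexes, `.text()` also matches unrelated calls such as jQuery's `.text()`, so findings are leads for review rather than confirmed vulnerabilities; a production analyzer would resolve the receiver's type and track taint across functions and into object properties.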
Vulnerable code example
const client = new XMLHttpRequest();
client.open("GET", "http://example.com/api", true);
client.send();
client.onload = function () {
  if (this.status === 200) {
    // Vulnerable: the raw, untrusted XML response is written to localStorage,
    // where any script in the origin can read it and it persists across sessions
    // (responseText is the raw body; responseXML is a Document object, which
    // setItem would coerce to the string "[object XMLDocument]")
    localStorage.setItem("response", this.responseText);
  }
};
Secure code example
const client = new XMLHttpRequest();
// Use HTTPS to ensure transport security
client.open("GET", "https://example.com/api", true);
client.send();
client.onload = function () {
  if (this.status === 200 && this.responseXML) {
    // Parse and validate XML before storing specific values
    const parsed = this.responseXML.querySelector("data");
    // Persist only a validated, non-sensitive field; the raw response never reaches localStorage (completion added here, the original snippet ends above)
    if (parsed && /^[\w-]{1,64}$/.test(parsed.textContent)) {
      localStorage.setItem("dataId", parsed.textContent);
    }
  }
};