Replies: 1 comment 1 reply
-
The short answer is: if something malicious can read The only exception I can think of: you snapshot form fields including a password, someone fills it out, then navigates to an external site, leaves their laptop unattended, and someone navigates back and gets their password that way. If you were building a website for the CIA then I probably wouldn't do that. But even then it's just matching the behaviour that the browser would give you for a traditional app via bfcache — collectively, browser vendors have deemed the 'someone gets access to your laptop' threat model not worth designing around. |
Beta Was this translation helpful? Give feedback.
-
Snapshots which is recently added feature to SvelteKit is very nice and perfomant, but I noticed a behaviour where it stores the data in sessionStorage and also preserves it untill the website/tab is closed , now a user-password also can be a form field which storing it there might be risky, is this a safe thing to do or there should be some solution to this?
Beta Was this translation helpful? Give feedback.
All reactions