CSRF protection with JSON Web Tokens

Strictly speaking, yes, anything stored in local/session storage (which I’ll call HTML5 Storage) could be stolen in a cross-site scripting (XSS) attack. See this article. There are a lot of moving parts to consider, however. First, there are subtle differences in how HTML5 Storage and cookies are scoped with respect to JavaScript access. HTML5 Storage …

Where are sessionStorage and localStorage stored?

Firefox

Firefox stores localStorage in the webappsstore.sqlite file in the profile folder.

Firefox (Windows XP):
C:\Documents and Settings\<Windows login/user name>\Application Data\Mozilla\Firefox\Profiles\<profile folder>\webappsstore.sqlite

Firefox (Windows Vista and above):
C:\Users\<Windows login/user name>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile folder>\webappsstore.sqlite
or:
%APPDATA%\Mozilla\Firefox\Profiles\<profile folder>\webappsstore.sqlite

Firefox on Linux:
~/.mozilla/firefox/<profile folder>/webappsstore.sqlite

Firefox on Mac:
~/Library/Application Support/Firefox/Profiles/<profile folder>/webappsstore.sqlite
or:
~/Library/Mozilla/Firefox/Profiles/<profile folder>/webappsstore.sqlite

Chrome

Chrome stores in separate files inside the …