HTML and CSS Reference
Additional Considerations on Using
The new client-side storage APIs introduced in HTML5 are truly wonderful things, but you should carefully consider
whether using them adds value to your web application. For some applications, using client-side storage is a
no-brainer; for others, you may be better off storing your data on a web server as people have done for the last few
decades. The purpose of client-side storage is to enhance the user experience. Be careful that you don't become too
eager to use it and end up diminishing it.
Browser vendors have already done a lot of work to help make client-side storage secure; however, it is important
that you understand what has and has not been taken care of for you, so that you can build secure applications. In the
following sections, you explore some of the factors to consider when using client-side storage in your applications.
How much data will your application require? With client-side storage, all that data will be taking up valuable space
on the user's hard drive, and you don't want to allow websites to store gigabytes of data and fill up your user's drive.
To prevent this problem, browser vendors have imposed a limit on the amount of storage space that each application
can use. The official specification outlines that 5 megabytes is an acceptable level of storage space; ultimately,
however, it is up to the browser vendor to decide how much storage space to make available. In reality, browsers currently
allow between 2.5 and 5 megabytes of data to be stored. You have to think worst-case in these sorts of scenarios,
so that means you can only rely on 2.5 megabytes being available. Design your applications with this in mind.
You can use the Web Storage Support Test tool to track the amount of storage available in various browsers, as well
as test the amount available in the one you are using. You can find this tool at http://dev-
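
One way to design for the 2.5-megabyte worst case described above, as an added example that is not part of the original text: a write wrapper that refuses to exceed a fixed budget and also survives a browser whose real quota is lower. The names `safeSetItem`, `usedBytes`, `entryBytes` and `makeFakeStorage` are hypothetical, values are assumed to be strings, the size estimate assumes 2 bytes per UTF-16 code unit, and the fake storage object is a constructed stand-in for `localStorage`.

```javascript
const BUDGET_BYTES = 2.5 * 1024 * 1024; // worst-case quota named in the text
// Approximate size of one entry. Assumption: 2 bytes per UTF-16 code unit.
const entryBytes = (key, value) => (key.length + value.length) * 2;

// Approximate bytes currently held in a Storage-like object.
function usedBytes(storage) {
  let total = 0;
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    total += entryBytes(key, storage.getItem(key));
  }
  return total;
}

// Write only if the result stays inside the budget; never throws.
function safeSetItem(storage, key, value, budget = BUDGET_BYTES) {
  const old = storage.getItem(key);
  const freed = old === null ? 0 : entryBytes(key, old);
  if (usedBytes(storage) - freed + entryBytes(key, value) > budget) {
    return { ok: false, reason: "over-budget" };
  }
  try {
    storage.setItem(key, value);
    return { ok: true, reason: null };
  } catch (err) {
    // Browsers signal a full or unavailable store by throwing from setItem.
    return { ok: false, reason: err.name };
  }
}

// Constructed in-memory stand-in for localStorage with a hard quota (runs outside a browser).
function makeFakeStorage(quotaBytes) {
  const map = new Map();
  const storage = {
    get length() { return map.size; },
    key: (i) => Array.from(map.keys())[i] ?? null,
    getItem: (k) => (map.has(k) ? map.get(k) : null),
    setItem(k, v) {
      const freed = map.has(k) ? entryBytes(k, map.get(k)) : 0;
      if (usedBytes(storage) - freed + entryBytes(k, String(v)) > quotaBytes) {
        const err = new Error("quota exceeded");
        err.name = "QuotaExceededError";
        throw err;
      }
      map.set(k, String(v));
    },
  };
  return storage;
}
```

In a browser, pass `window.localStorage` as the first argument; the caller decides what to do with a refused write, for example falling back to the server.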
User tracking refers to the practice of tracking what a user is doing on a website (for example, the pages and
products the person views). This data is often used by a third party to carry out targeted advertising. This practice is
commonplace today and is achieved by placing a unique identifier in a cookie that can then be used to track a user as
he or she navigates the website.
However, some privacy concerns surround this sort of activity. User tracking can also be carried out using the
LocalStorage API. Learning from the lessons of the past, the standards organizations have begun to think about how
this sort of use case can be handled in a way that is more respectful of the user's privacy.
The Web Storage specification published by the W3C makes recommendations that browser vendors should follow to
help protect the privacy of their users. These include making it easier for users to delete data that has been stored on
the client and allowing them to blacklist websites that they do not want to have access to client-side storage. The
W3C is also considering the suggestion that these blacklists should be combined so that all the browser vendors can
see which sites are abusing client-side storage and take necessary precautions to protect their users.