Tried to use this package in a universal(read: isomorphic) app. It threw cannot read property 'documentElement' of undefined.

What I was hoping that this package would just noop in the server and work as expected in the browser. I would be down to form a PR for this. It just involves checking for property existence.

After upgrading from 2.0.4 to2.0.8, i got this error:

Error: store.js: No supported storage has been added! Add one (e.g store.createStore(require('store/storages/cookieStorage')) or use a build with more built-in storages (e.g https://github.com/marcuswestin/store.js/tree/master/dist/store.legacy.min.js)

We tried loading store.js into a site that had require.js (which was outside our control and loaded modules unrelated to what we were doing).

We use window.store to access store. In this case, define.amd was defined so the code tries to call define(store) instead.

Because window.store is not defined, our code doesn't run.

NOTE: This is related to Issue #91 but is a different problem.

If you attempt to use a number, or a string starting with a number, as a key, then IE 7 will throw an error, e.g.

This name may not begin with the '1' character

I’m not sure if using numbers or strings starting with numbers as keys is meant to be supported, but it seems to work in IE 8 and other browsers.

Test page:

<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8">

    <script type="text/javascript" src="store.js"></script>

    <title>Test store.js</title>
</head>
<body>

<button onclick="store.set('string', 'value');"><code>store.set('string', 'value')</code></button>

<button onclick="store.set('123456', 'value');"><code>store.set('123456', 'value')</code></button>

<button onclick="store.set(123456, 'value');"><code>store.set(123456, 'value')</code></button>

<br>
<br>

<button onclick="alert(store.get('string', 'value'));"><code>store.get('string', 'value')</code></button>

<button onclick="alert(store.get('123456', 'value'));"><code>store.get('123456', 'value')</code></button>

<button onclick="alert(store.get(123456, 'value'));"><code>store.get(123456, 'value')</code></button>

</body>

</html>

I’ve worked around the issue by patching store.js to append 'string_' to the key within the get(), set() and remove() functions passed to withIEStorage(), but I’m not sure if this is optimal.

Closes #183

• Adds a compression plugin, which uses get and set directly
• Users can opt out of compression using an extra argument, ex) store.get('key', true), store.set('key', 'value', true)
• Adds lz-string to plugins/lib
• Simple compress and decompress tests

This is pretty simple. I'm not sure how I should be handling namespacing, or if I even need to.

I'm getting a Sentry report for Mobile Safari raising SecurityError when running Global.localStorage.

store/storages/localStorage.js line 13:

var localStorage = Global.localStorage

User agent:

Mozilla/5.0 (iPad; CPU OS 10_2_1 like Mac OS X) AppleWebKit/602.4.6 (KHTML, like Gecko) Version/10.0 Mobile/14D27 Safari/602.1

I finally found store.js while researching strange Javascript errors that I've encountered in my logs for some time now.

It seems like some quite popular Chrome plugin uses store.js, so it gets executed on my site even though I do not use store.js myself.

The problem is that store.js breaks my site! It confuses Dojo's AMD loader (and probably any other AMD loader too) when being loaded via a script tag in an AMD environment.

So when a page or browser plugin includes it via <script src="store.min.js"></script> when e.g. the Dojo Toolkit was loaded before, store.js will call define(store), but the AMD loader will be unable to find out where that define came from and cannot determine any module ID. It will then fall back to the last used module ID, which can break things quite heavily.

So define(store) should be changed to define('store', store) to provide an explicit module ID.

Hi,

It would be nice to be able to set a namespace when using store.js, because if you use store on your website and do a store.clear(), it clear all the localStorage and you can probably impact other websites that are using localStorage too.

It could be something like :

store.set('username', 'marcus') // 'username' => 'marcus'
store.get('username') // 'marcus'
store.clear() // clear ALL the localStorage

store.namespace('myNameSpace'); 

store.set('username', 'john') // 'myNameSpace.username' => 'john'
store.get('username') // 'john'
store.clear() // clear all myNameSpace keys in localStorage

in safari private mode, localStorage object is available but fails to store objects

http://stackoverflow.com/questions/14555347/html5-localstorage-error-with-safari-quota-exceeded-err-dom-exception-22-an

Apparently this is by design. When Safari (OS X or iOS) is in private browsing mode, it appears as though localStorage is available, but trying to call .setItem throws an exception.

store.js line 73 "QUOTA_EXCEEDED_ERR: DOM Exception 22: An attempt was made to add something to storage that exceeded the quota."

What happens is that the window object still exposes localStorage in the global namespace, but when you call setItem, this exception is thrown. Any calls to .removeItem are ignored.

I believe the simplest fix (although I haven't tested this cross browser yet) would be to alter the function isLocalStorageNameSupported() to test that you can also set some value.

currently:

function isLocalStorageNameSupported() {
    try { return (localStorageName in win && win[localStorageName]) }
        catch(err) { return false }
}

proposed:

function isLocalStorageNameSupported() {
    try { 
        var supported = (localStorageName in win && win[localStorageName]);
        if (supported) { localStorage.setItem("storage", ""); localStorage.removeItem("storage");
        return supported;
    }
    catch(err) { return false }
}

Of course it's kind of silly to call this every time you want to check that storage is supported, so you could memoize it, but you get the idea.

Goal

Use encryption for storing data for non-public app areas.

Description

As far as I know, browsers store DOM storage on disk in unencrypted files, DOM storage is accessible from all domain paths (except IE UserData) and doesn't expire.

This may be considered as security issue on shared workstations in cases when client-side app doesn't clear user data (browser crash/ closed window) or browser decides to keep them (temporary files).

I see the simplest solution in encrypting storage data after serializing to JSON and decrypt before deserializing.

It's up to the developer to come up with idea how to obtain secure key/ token; assuming encrypted storage makes sense for non-public areas (user is logged in), one can possibly use server-side unique session token. Once server-side session expires, token is not available anymore. When there is no token, previously saved data theoretically become undecryptable junk (and may be removed client-side on next execution).

This should limit access to user data.

Drawback: Storage values take quite more space (depends on encoding);

Inspiration: dojo.storage.encrypted

Implementation

Configuration for Crypto.js, but any crypt library with methods encrypt( value ) and decrypt( encrypted ) should work:

store.crypt = {
    key: App.token, // ie. 'c015dc1d6028a6815ac944c8512c10db',
    encrypt: function( plaintext ) {
        return CryptoJS.AES.encrypt( plaintext, this.key ).toString();
    },
    decrypt: function( encrypted ) {
        return CryptoJS.AES.decrypt( encrypted, this.key ).toString( CryptoJS.enc.Utf8 );
    }
}

Proposed changes to store.js code (didn't test):

store.serialize = function(value) {

    var serialized = JSON.stringify( value );

    if ( store.crypt ) { serialized = store.crypt.encrypt( serialized ); }

    return serialized;
}


store.deserialize = function(value) {

    if ( typeof value !== 'string' ) { return undefined; }

    if ( store.crypt )
    {
        try {
            value = store.crypt.decrypt( value );
        } catch (e) {
            return undefined;
        }
    }

    return JSON.parse( value );
}

I'd like to discuss this idea with more proficient developers as I don't have much experience with client-side encryption.

Bumps shell-quote from 1.6.1 to 1.7.3.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps is-my-json-valid from 2.16.0 to 2.20.6.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps cached-path-relative from 1.0.1 to 1.1.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

How to fix it

To solve this problem, the explanations related to it were read first. After studying the code, searching, researching and developing (R&D) about this problem, it was finally solved as follows: First, Double quotation was converted to single quotation using regex format. Then the Parse function was used for this conversion.

Erfan Kamalian web programming course -- Sharif University of Technology