Security of CORS on LocalStorage

Abstract

HTML5 is the next generation of web application. Its LocalStorage solves some problems that can use cookies alone, but also brings new potential safety vulnerabilities because of using CORS. This paper discuss basic principle for using CORS in LocalStorage, compare several different cross-domain schemes, focus on existing security risks in CORS. A test case is designed for further analysis how to protect user privacy information, and put forward a practical scheme and some strategy on using CORS. Finally, a solution of using CORS is summed up, and also give some suggestions to security of CORS.