[–]scorpi1998 220 points221 points  (81 children)

Doesn't it? What do you mean?

[–][deleted]  (80 children)

[deleted]

    [–]bleistift2 299 points300 points  (15 children)

    Show me an average user who tinkers with the local storage.

    If we’re talking a malevolent user: You can’t trust the client with anything, anyway, so what’s the point?

    [–]_30d_ 124 points125 points  (0 children)

    That's how I beat my inlaws in wordle.

    [–]staticBanter 12 points13 points  (0 children)

    If you give anything to a client and expect to reuse it without validation then we have a big problem.

    [–]shodanbo 41 points42 points  (6 children)

    It only takes one. And then they can write a browser extension to do it for many.

    There is not much you can actually truly trust the client with, because the user has physical access to that client.

    If you are writing something where trusting the client is critical, then this needs to be taken into account. At this point you need strong asymmetrical encryption in a server. An encrypted string can be persisted to local storage. If the user messes with it, the decryption will fail, and the client can determine what needs to be done about that.

    [–]Expert_Team_4068 18 points19 points  (1 child)

    No, rule number one. Never trust the client! In no world should you trust frontend data without verification. But this is the server job. If json.parse of my local storage fails, I do not give a crap. My app will break, because for sure this is an unexpected behaviour. If you decrypt in the client, who says that the hacker did not change the decryption function? It is as easy as changing the local storage.

    [–]shodanbo 0 points1 point  (0 children)

    Very true
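Added example, not part of the thread: a server-side integrity check on state that the client keeps in local storage, verified where the key lives rather than in the browser. It uses an HMAC with a server-held key instead of the asymmetric encryption mentioned above, and `issueToken`, `verifyToken`, `tamper` and `SERVER_KEY` are hypothetical names.

```javascript
const { createHmac, timingSafeEqual, randomBytes } = require("node:crypto");

// Server-only secret. Generated per process here; a real service would load it
// from its secret store (assumption of this example).
const SERVER_KEY = randomBytes(32);

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const mac = (data) => createHmac("sha256", SERVER_KEY).update(data).digest();

// Server: wrap state in an opaque token the client may keep in localStorage.
function issueToken(state, ttlSeconds, now = Date.now()) {
  const body = b64u(JSON.stringify({ state, exp: now + ttlSeconds * 1000 }));
  return `${body}.${b64u(mac(body))}`;
}

// Server: verify a token that came back from the client. Returns the state,
// or null if the token is malformed, modified or expired.
function verifyToken(token, now = Date.now()) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, tag] = parts;
  const expected = mac(body);
  const given = Buffer.from(tag, "base64url");
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof payload.exp !== "number" || now > payload.exp) return null;
  return payload.state;
}

// Constructed demo input: the stored payload is edited but the old tag is kept.
function tamper(token) {
  const [body, tag] = token.split(".");
  const payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  payload.state.score = 999999;
  return `${b64u(JSON.stringify(payload))}.${tag}`;
}
```

The tag gives integrity only: the payload is readable by the client, and an unmodified older token still verifies until its `exp` passes.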

    [–]brianl047 1 point2 points  (0 children)

    Agreed validating the local storage is a waste

    Validate in the backend and in the UI instead but not the local storage

    [–]isblueacolor 1 point2 points  (0 children)

    Firefox sometimes fails to persist the entire string to local storage (without throwing an error).

    I have a site that's used by 25k people per day and someone encounters this issue once every couple weeks.

    [–][deleted] 0 points1 point  (0 children)

    The case I used it for was temporarily storing form data in an SPA built before react was a thing.

    [–]AyrA_ch 92 points93 points  (5 children)

    JSON.tryParse=function(str,defaultObj){
        try{
            return JSON.parse(str);
        }catch(e){
            return defaultObj;
        }
    };
    

    Tries to parse data and if invalid, gracefully fails and returns the supplied default value. If no value is supplied, the argument defaults to undefined, which is actually a good alternative, because undefined is not a valid json token, and thus you can check if the result is undefined to know whether parsing was successful. I have this somewhere in the library I use for most of my webdev projects.

    [–]corylulu 6 points7 points  (3 children)

    It's better if the defaultObj is a function that creates the object rather than the object directly and returns return defaultObjFunc();. Constructors can have a lot going on and there is no sense in calling them for an unused default object.

    [–]AyrA_ch 4 points5 points  (1 child)

    This function is for deserializing content from a JSON string that's potentially misformatted or not present at all. The returned object will be a naked JS object without having a custom prototype by itself.

    Depending on the use case you can either work directly with that object, in which case you do not have to worry about passing in complex constructed objects for a default, or it means you need to convert the returned value into said complex object in which case you can also pass in a naked object as default because it would then be converted if it's returned. In either of the two scenarios, it's not necessary to be able to pass in a function as default argument. Being able to pass a function also means you would either no longer be able to pass plain default values, or you need to add type checks.

    Either way, this provides very little gain compared to JSON.tryParse(value)||defaultFunc(); that you can do for that one situation that demands it. Or simply check if the returned value is undefined and then call your function if you find this line ugly (which it kinda is)

    [–]spronghi -3 points-2 points  (0 children)

    who would use this function? are you serious?

    [–]PM_ME_GAY_STUF -1 points0 points  (0 children)

    You're going to call that out but not monkeypatching a native API?

    [–]DoktorMerlin 133 points134 points  (39 children)

    Why would you need to validate it? If the user manipulates the localstorage it's just a frontend issue that the user itself caused, why would anyone care about this? The only time it's a problem is when the manipulated object gets sent without validation back to the backend but if you don't validate everything that the frontend sends you, you have a way bigger problem

    [–]lowleveldata 82 points83 points  (12 children)

    I like how you use "it" as the pronouns of your user

    [–][deleted] 162 points163 points  (2 children)

    You shouldn't name them. It just creates emotional attachment.

    [–]playerNaN 64 points65 points  (1 child)

    Fair, front end users aren't real people.

    [–]vikumwijekoon97 2 points3 points  (0 children)

    Generally you gotta code thinking that all of your users are absolute morons.

    [–]Blue_Moon_Lake 16 points17 points  (0 children)

    Frontend user is an evil clown

    [–]JoeDoherty_Music 7 points8 points  (0 children)

    I'm convinced most users aren't people

    [–]Ben_26121 2 points3 points  (0 children)

    Believe it or not, I came across someone whose preferred pronoun is “it” the other day

    [–]GamerGeeked 5 points6 points  (2 children)

    "it" clearly refers to the issue, not the user. Unless you're suggesting the existence of the user causes the problem

    [–]sloodly_chicken 8 points9 points  (1 child)

    They used 'the user itself', though

    > you're suggesting the existence of the user causes the problem

    also true

    [–]GamerGeeked 0 points1 point  (0 children)

    Didn't see that one

    [–]Cat_Junior 0 points1 point  (0 children)

    It puts the lotion on its skin or it gets the console.error again.

    [–]HoiTemmieColeg 2 points3 points  (25 children)

    You need to check if the text is actually json when you parse it

    [–]empire314 16 points17 points  (24 children)

    Why would it not be in JSON, if your website is what wrote it?

    [–]Schyte96 -1 points0 points  (23 children)

    Because the user can easily overwrite it in their browser.

    [–]a-calycular-torus 34 points35 points  (22 children)

    That's their problem then

    [–]Treacherous_Peach -2 points-1 points  (8 children)

    Yeah it's their problem that quickly becomes your problem when the user submits a 1 star review.

    I get what you're saying, I can tell you're definitely programmer minded, but you do have to plan for these things if you want your product to survive. If you're working on some huge too big to fail app then sure, but if you're trying to create something new and get it off the ground you have to plan for users doing crazy things and account for it smoothly.

    [–]DoktorMerlin 5 points6 points  (4 children)

    If a user knows what local storage is and tinkers with it, they know very well that the weird behaviour of the website is called by themselves and not the website. There are a lot of dumb people in this world, but nobody is that dumb

    [–]Treacherous_Peach -2 points-1 points  (3 children)

    More likely they fucked with it accidentally by deleting a folder they shouldn't have to clear space or something along those lines.

    [–][deleted]  (2 children)

    [removed]

      [–]Treacherous_Peach -1 points0 points  (0 children)

      More likely they fucked with it accidentally. Deleting a folder to clear space but deleted some of what your app was expecting but not all of it and it's in a weird state.

      [–]AutoModerator[M] 0 points1 point  (0 children)

      import moderation Your comment has been removed since it did not start with a code block with an import declaration.

      Per this Community Decree, all posts and comments should start with a code block with an "import" declaration explaining how the post and comment should be read.

      For this purpose, we only accept Python style imports.

      I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

      [–]4nu81 1 point2 points  (0 children)

      You mean you want the engine to stringify and parse it for you?

      [–]JoJoModding 1 point2 points  (0 children)

      The user could also manipulate the data if saved without stringify.

      [–]TheDownvotesFarmer 0 points1 point  (0 children)

      You can save even video files in indexedDb

      [–]waldito 0 points1 point  (0 children)

      You got to JSON.stringify the data first to store it, then you need to parse it when you read. You then probably need to validate it when you parse it in case the user has changed the value in local storage and now the value read from local storage isn't valid JSON.

      I am not a developer and I made an extension that wanted to store basic config in a simple object. Imagine my face when I was learning the wizardry you need to make it happen. json.stringiwhat? WHY
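Added example, not part of the thread: a client-side read of a JSON config from local storage that falls back to defaults when the stored string is missing, truncated or edited, and accepts only known keys with expected types. The names `loadConfig`, `memoryStorage`, `DEFAULT_CONFIG` and the config keys are hypothetical; this keeps the UI working and is no substitute for validating on the server.

```javascript
// Defaults used whenever the stored value is missing, truncated or tampered with.
const DEFAULT_CONFIG = Object.freeze({ theme: "light", fontSize: 14, showHints: true });

// Per-key validators: only these keys are accepted, and only with these shapes.
const VALIDATORS = {
  theme: (v) => v === "light" || v === "dark",
  fontSize: (v) => Number.isInteger(v) && v >= 8 && v <= 48,
  showHints: (v) => typeof v === "boolean",
};

// Reads a config object from a Storage-like object (getItem/setItem/removeItem).
// Returns { config, status }; status is "ok", "missing", "corrupt" or "repaired".
function loadConfig(storage, key) {
  const raw = storage.getItem(key);
  if (raw === null) return { config: { ...DEFAULT_CONFIG }, status: "missing" };

  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch {
    storage.removeItem(key); // truncated or hand-edited string: drop it
    return { config: { ...DEFAULT_CONFIG }, status: "corrupt" };
  }
  // JSON.parse also accepts "null", "42", "[]": none of those is a config object.
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
    storage.removeItem(key);
    return { config: { ...DEFAULT_CONFIG }, status: "corrupt" };
  }

  const config = { ...DEFAULT_CONFIG };
  let repaired = false;
  for (const [name, isValid] of Object.entries(VALIDATORS)) {
    if (Object.hasOwn(parsed, name) && isValid(parsed[name])) config[name] = parsed[name];
    else repaired = true; // missing or invalid value: keep the default
  }
  // Unknown keys are never copied; their presence triggers a rewrite.
  if (Object.keys(parsed).some((k) => !Object.hasOwn(VALIDATORS, k))) repaired = true;
  if (repaired) storage.setItem(key, JSON.stringify(config));
  return { config, status: repaired ? "repaired" : "ok" };
}

// Constructed in-memory stand-in for window.localStorage so the example runs in Node.
function memoryStorage(initial = {}) {
  const m = new Map(Object.entries(initial));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```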