Playing a bit with localStorage
HTML5 is here and companies are starting to use it more and more to add value to their products. During the pentest we should be able to identify those new functionalities and their associated risks.
I was playing today a bit with some HTML5 apps and localStorage got my attention. This is a feature to store content locally on the browser for later use on the application and may contains sometimes sensitive information.
We can use the code above to execute it on the local context of a page and return all the objects inside the localStorage.