Fix/issue 2360 remove localstorage tokens#2367

Open
Prateek2007-cmd wants to merge 6 commits into
janavipandole:mainfrom
Prateek2007-cmd:fix/issue-2360-remove-localstorage-tokens
Conversation

@Prateek2007-cmd
Contributor

Description

Resolves Issue #2360 (JWT Storage Vulnerable to XSS).

Following the migration to secure, split-token HttpOnly cookies, the frontend authentication controllers (register.js and login.js) continued to execute legacy persistence logic (localStorage.setItem). Because localStorage is completely unprotected from JavaScript evaluation, this logic inadvertently preserved the XSS attack vector.

This PR purges the legacy logic, finalizing the security migration.

Changes Made

  • XSS Mitigation: Removed all localStorage.setItem('token', ...) operations from the authentication endpoints.
  • Client Sanitization: The frontend is now fully unaware of the cryptographic session payload, completely sandboxing it from DOM-level attacks.

Type of Change

  • Security Fix
  • Technical Debt

@vercel

vercel Bot commented Jun 20, 2026

@Prateek2007-cmd is attempting to deploy a commit to the janavipandole's projects Team on Vercel.

A member of the Team first needs to authorize it.
