Problem
Storing HTML snapshots in IndexedDB and re-injecting them poses security risks:
Potentially persisting XSS-tainted HTML
PII exposure in stored snapshots
Enterprise compliance concerns
Proposed Solution
Add option to disable snapshot capture for specific routes
Provide optional WebCrypto-based encryption for snapshots/models
Document sanitizer strategy and limitations clearly
Add clear logout/session-end cleanup API
Documentation Needs
Security/compliance section in docs
Clear explanation of sanitization boundaries
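One way the proposed route opt-out, WebCrypto encryption and session-end cleanup could fit together, as an added example that is not code from this project. All names (`NO_SNAPSHOT_ROUTES`, `startSession`, `sealSnapshot`, `openSnapshot`, `endSession`) are hypothetical, and it assumes the key is held only in memory so stored snapshots become unreadable once the session ends.

```javascript
// Added example (not project code): AES-GCM sealing of an HTML snapshot
// before it is written to IndexedDB. All names are hypothetical.
const webcrypto = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);
const subtle = webcrypto.subtle;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Constructed opt-out list: routes whose snapshots are never captured.
const NO_SNAPSHOT_ROUTES = [/^\/account(\/|$)/, /^\/checkout(\/|$)/];

let sessionKey = null; // non-extractable key, kept in memory only

async function startSession() {
  sessionKey = await subtle.generateKey(
    { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Session-end cleanup: drop the key. The caller should also delete the
// stored records; without the key they can no longer be decrypted.
function endSession() {
  sessionKey = null;
}

// Returns the record to store, or null when capture is disabled for the route.
async function sealSnapshot(route, html) {
  if (!sessionKey) throw new Error("no active session");
  if (NO_SNAPSHOT_ROUTES.some((re) => re.test(route))) return null;
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh per record
  // The route is bound as additional authenticated data, so a record
  // stored for one route fails authentication if replayed under another.
  const ct = await subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(route) },
    sessionKey, enc.encode(html));
  return { route, iv, ct: new Uint8Array(ct) };
}

// Rejects if the record was modified or belongs to a different route.
// Encryption protects data at rest only: the returned HTML is exactly what
// was captured and still has to pass the sanitizer before re-injection.
async function openSnapshot(route, record) {
  if (!sessionKey) throw new Error("no active session");
  const pt = await subtle.decrypt(
    { name: "AES-GCM", iv: record.iv, additionalData: enc.encode(route) },
    sessionKey, record.ct);
  return dec.decode(pt);
}
```

Script running in the page during an active session can still call these functions, so this addresses PII at rest and tampering with stored records, not XSS-tainted content captured in the first place.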