Skip to content

jerry1100/electron-browser-storage

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

electron-browser-storage

Access localStorage and sessionStorage from the Electron Main process.

Install

npm install electron-browser-storage

Usage

The methods are promise-based and have the same code signature as the Storage interface methods. The only exception is that .length is implemented as a method .length().

Note: storage methods must be called after the app's ready event.

// In main process
const { localStorage, sessionStorage } = require('electron-browser-storage');

app.on('ready', async () => {
  // Async/await
  await localStorage.setItem('favorite_number', 12);
  await localStorage.getItem('favorite_number'); // '12'
  await localStorage.key(0); // 'favorite_number'
  await localStorage.length(); // 1
  await localStorage.removeItem('favorite_number');
  await localStorage.clear();

  // Promises
  sessionStorage.setItem('favorite_color', 'blue')
    .then(() => sessionStorage.getItem('favorite_color')) // 'blue'
    .then(() => sessionStorage.key(0)) // 'favorite_color'
    .then(() => sessionStorage.length()) // 1
    .then(() => sessionStorage.removeItem('favorite_color'))
    .then(() => sessionStorage.clear());
});

API

Promise-based versions of the Storage interface methods.

Storage.length()

Returns a promise that resolves to the number of items in the storage.

Storage.key(index)

Returns a promise that resolves to the key at the given index.

Storage.getItem(key)

Returns a promise that resolves to the value for the given key.

Storage.setItem(key, value)

Sets the value for the given key and returns a promise that resolves when complete.

Storage.removeItem(key)

Removes the item at the given key and returns a promise that resolves when complete.

Storage.clear()

Removes all keys and values and returns a promise that resolves when complete.

Security Concerns

Under the covers, this uses webContents.executeJavaScript() to access localStorage and sessionStorage in the renderer process.

// This is what the call to setItem() looks like
localStorage.setItem = (key, value) => {
  return win.webContents.executeJavaScript(`window.localStorage.setItem('${key}', '${value}');`);
};

Because nothing is being escaped, be careful when saving user input, since code injection is possible.

// Example of code injection
const userInput = `'); someInjectedCode(); ('`;
await localStorage.setItem('user_name', userInput);

// Resulting in this getting executed
win.webContents.executeJavaScript(`window.localStorage.setItem('user_name', ''); someInjectedCode(); ('');`);

I'm still trying to figure out how to get around this. If you have any ideas, feel free to DM me or open an issue.

About

Access localStorage and sessionStorage from Electron's main process

Resources

Readme
Activity

Stars

21 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

7 tags

Packages

 
 
 

Contributors

Languages