Even though the Web Storage specification says user agents should limit the amount of space used to store data, a new exploit uses it to store gigabytes of junk. The exploit is based around storing data per-subdomain, which gets around the limits most browsers have already implemented. Users testing it found Chrome would crash when run in incognito mode, but Firefox was immune to the attack.
Other security researchers have raised concerns about localStorage in the past. Joey Tyson talked about storing malicious code in localStorage, and Todd Anglin wrote about some of the more obscure facts about localStorage, touching on security along the way.
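The per-subdomain bypass described above comes down to which key the user agent charges storage against. The following is an added example, not code from any browser or from the exploit: a small model that compares per-origin accounting with per-site accounting. The 5 MiB limit, the `example.test` hostnames and the last-two-labels `siteKey` helper are assumptions made for illustration.

```javascript
// Added example: a model of storage quota accounting, not browser source code.
const QUOTA_BYTES = 5 * 1024 * 1024; // assumed 5 MiB limit per accounting key

// Naive "site" key: the last two DNS labels. A real user agent would consult
// the Public Suffix List; this shortcut is wrong for suffixes such as co.uk.
function siteKey(origin) {
  const host = new URL(origin).hostname;
  return host.split('.').slice(-2).join('.');
}

// Per-origin key: scheme + host + port, the unit Web Storage is partitioned by.
function originKey(origin) {
  return new URL(origin).origin;
}

class QuotaLedger {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.used = new Map(); // accounting key -> bytes stored
  }
  // Returns true if the write fits in the key's quota, false if it is refused.
  write(origin, bytes) {
    const key = this.keyFn(origin);
    const next = (this.used.get(key) || 0) + bytes;
    if (next > QUOTA_BYTES) return false;
    this.used.set(key, next);
    return true;
  }
  total() {
    let sum = 0;
    for (const n of this.used.values()) sum += n;
    return sum;
  }
}

// Constructed workload: `count` subdomains of one site each write `bytes`.
function simulate(ledger, count, bytes) {
  let accepted = 0;
  for (let i = 0; i < count; i++) {
    if (ledger.write(`http://s${i}.example.test`, bytes)) accepted++;
  }
  return { accepted, totalBytes: ledger.total() };
}

const perOrigin = simulate(new QuotaLedger(originKey), 200, QUOTA_BYTES);
const perSite = simulate(new QuotaLedger(siteKey), 200, QUOTA_BYTES);
console.log('per-origin accounting:', perOrigin); // every subdomain gets a fresh quota
console.log('per-site accounting:  ', perSite);   // the whole site shares one quota
```

With per-origin accounting the total grows linearly with the number of subdomains, while charging all subdomains to one site key caps it at a single quota.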
Oliver Nightingale from New Bamboo sent in his extremely well-presented full-text browser-based search library (GitHub: olivernn / lunr.js, License: MIT), which indexes JSON documents using some of the core techniques of larger server-side full-text search engines: tokenising, stemming, and stop word removal.
By removing the need of extra server side processes, search can be a feature on sites or apps that otherwise would not have warranted the extra complexity.
Vlug (GitHub: pllee / vlug, License: MIT, npm: vlug) by Patrick Lee is a small instrumentation library for benchmarking code without manually adding log statements. The Vlug.Interceptor object takes a specification of things to log, which will dynamically invoke calls to console.timeEnd to collect benchmarks.
Patrick has tested it with browsers and Node, and has included Vlug.Runner for running iterations on functions. The readme and homepage both have documentation and examples.