Bad idea.

馊主意。

1. Someone with access to the machine will always be able to read the localStorage, there is nothing much you can do to prevent it. Just type 'localStorage' in firebug console, and you get all the key/value pairs nicely listed.
2. If you have an XSS vulnerability in your application, anything stored in localStorageis available to an attacker.
3. You can try and encrypting it, but there is a catch. Encrypting it on the client is possible, but would mean the user has to provide a password andyou have to depend on not-so-well-tested javascript implementations of cryptography.
4. Encrypting on the server side is of course possible, but then the client code cannot read or update it, and so you have reduced localStorage to a glorified cookie.

1. 有权访问机器的人将始终能够读取 localStorage，您无能为力。只需在萤火虫控制台中键入“localStorage”，您就可以很好地列出所有键/值对。
2. 如果您的应用程序中存在 XSS 漏洞，localStorage则攻击者可以使用其中存储的任何内容。
3. 您可以尝试加密它，但有一个问题。在客户端对其进行加密是可能的，但这意味着用户必须提供密码，并且您必须依赖未经充分测试的 javascript 加密实现。
4. 在服务器端加密当然是可能的，但是客户端代码无法读取或更新它，因此您将 localStorage 简化为一个美化的 cookie。

If it needs to be secure, its best to not send it to the client. What is not in your control can never be secure.

如果需要安全，最好不要将其发送给客户端。不在您控制范围内的东西永远不会安全。

Public Key Cryptography can be applied to prevent any kind of intrusion. Also, data integrity checks (such as CRC or hashes) may be used to make sure data is validated by the server.

公钥密码术可用于防止任何类型的入侵。此外，数据完整性检查（例如 CRC 或哈希）可用于确保服务器验证数据。