There are two concerns to local storage in HTML5 -

HTML5 中的本地存储有两个问题 -

1. One website reading offline data that another website has stored in a users browser
2. An end user querying your websites offline data directly

1. 一个网站读取另一个网站存储在用户浏览器中的离线数据
2. 最终用户直接查询您网站的离线数据

For 1, browsers enforce the same-domain restrictions to localStorage (or the sqllite database support that safari has), so other websites won't have access to the data that you store. However, do remember that if your site has XSS vulnerabilities, it would be possible to steal the data.

对于 1，浏览器对 localStorage（或 safari 具有的 sqllite 数据库支持）强制实施同域限制，因此其他网站将无法访问您存储的数据。但是，请记住，如果您的站点存在 XSS 漏洞，则有可能窃取数据。

For 2, you can't prevent it. Its just like a cookie - the user can chose to view/delete/modify it.

对于2，您无法阻止它。它就像一个 cookie - 用户可以选择查看/删除/修改它。

Encryption of data is possible (see http://farfarfar.com/scripts/encrypt/), but pointless. You cannot have a single, global key/password - because an attacker can easily figure the key from javascript code. Using a user-entered password to encrypt/decrypt is possible, but client-side encryption libraries aren't mature or tested well enough. There are likely tons of way to break it.

数据加密是可能的（参见http://farfarfar.com/scripts/encrypt/），但毫无意义。您不能拥有单一的全局密钥/密码 - 因为攻击者可以轻松地从 javascript 代码中找出密钥。使用用户输入的密码来加密/解密是可能的，但客户端加密库不够成熟或测试不够好。可能有很多方法可以打破它。

So, for now atleast, don't store sensitive data in localStorage.

因此，至少现在不要将敏感数据存储在 localStorage 中。

You can also see an article on this concernby the author of the HTML5 SecureStore Porposal

您还可以查看HTML5 SecureStore Porposal 的作者关于此问题的文章

If you're storing data on the user's computer, the user can always read it, no matter how much you encrypt it [assuming you aren't using a hash...]

如果您将数据存储在用户的计算机上，则无论您对其进行多少加密，用户始终可以读取它[假设您没有使用散列...]

Sensitive data goes on the server-side, always.

敏感数据总是在服务器端。