Multiple 'about:blank' - localStorage

Question

I'm making a bookmarklet, and the bookmarklet goes to about:blank, then stores data under localStorage (technically, it downloads a script that stores data under localStorage)

The idea is that it downloads a script, and stores it under localStorage. That way, it doesn't have to download it again. However, there is no way of ensuring that one of the scripts won't try to edit the contents of another script (in localStorage).

So, I was wondering if it was possible to get a fresh context for localStorage, e.g. via going to about:blank/xyz. However, I do not want this to go to a website, even if the website is specially designed for this. I want this to be entirely local (the entire purpose behind this is to save bandwidth).

Or, being able to somehow sandbox localStorage would work too (in fact, that would be much preferred)

Any thoughts?

TL;DR I want to be able to have a fresh context for localStorage, without accessing a website (e.g. via about:blank, hence the title: Multiple about:blank's)

See http://stackoverflow.com/questions/35065157/how-to-have-separate-sessionstorages-for-iframes-on-same-origin — guest271314, Feb 14 '16 at 00:10
I edited the question to make it a bit clearer (the TL;DR part). What is plnkr? And, two bookmarklets running under the same context (`about:blank`) have access to the same `localStorage`. — MiJyn, Feb 14 '16 at 00:14
plnkr http://plnkr.co is a website that allow use of `localStorage` to demonstrate `html` , `js` ,`css` — guest271314, Feb 14 '16 at 00:15
Could try creating an `objectURL` to store data that should only be accessible from original `location.href` that created the blob url. Not entirely certain what expected requirement, or result is ? — guest271314, Feb 14 '16 at 00:17
I looked into `createObjectURL`, but I'm not exactly sure how to run it? I tried running it with a WebWorker, but it can't access `window` (including `localStorage` and the DOM) — MiJyn, Feb 14 '16 at 00:28
The approach would be to substitute `objectURL` for `localStorage` ; not certain what expected result is ? — guest271314, Feb 14 '16 at 00:30
I'm not exactly sure what you mean ... could you give a code example? I'll edit the question and explain what I am looking for a bit better :) **update**: edited! I hope this clarifies it! — MiJyn, Feb 14 '16 at 00:30
What is the purpose of having multiple `localStorage` instances ? — guest271314, Feb 14 '16 at 00:35
See the edit :) It's basically so that each script that my bookmarklet runs (these are arbitrary, could be any script) will have a fresh context, and will not modify the `localStorage` of any other script — MiJyn, Feb 14 '16 at 00:35
Reviewed http://stackoverflow.com/questions/35065157/how-to-have-separate-sessionstorages-for-iframes-on-same-origin ? — guest271314, Feb 14 '16 at 00:37
Not entirely certain if possible using `localStorage` ; only workaround solution provided at linked Question was to utilize `https:` protocol . Still not certain what expected result is or purpose of using `localStorage` ? — guest271314, Feb 14 '16 at 00:41
_“so that each script that my bookmarklet runs […] will have a fresh context, and will not modify the localStorage of any other script ”_ – so how will that bookmarklet access the stored data when it/the specific script is run the next time? (Assuming that is a requirement somehow, because otherwise why would you be using localStorage in the first place?) Based on what criterion would you want that association to happen (if the URL is out of question, because the same)? — CBroe, Feb 14 '16 at 00:43
@CBroe The idea is that there is one 'master' script, that can access all of the scripts (the real `localStorage` object). And then, it would run another, 3rd party, script, but give it only a subset of the `localStorage` object (e.g. in pseudo-code `localStorage = JSON.parse(localStorage.script_xyz_storage)`), and once the script is done, it would save the changes (`localStorage.script_xyz_storage = ...`). — MiJyn, Feb 14 '16 at 00:46
@MiJyn In that case, could do just that; create an unique property of `localStorage` parsed object for when a bookmarklet is launched — guest271314, Feb 14 '16 at 00:48
When bookmarklet is launched, create a `localStorage` item that is incremented; e.g.; `localStorage.setItem("a1")` , `localStorage.setItem("a2")` , `localStorage.setItem("z1")` , `localStorage.setItem("z2")` — guest271314, Feb 14 '16 at 00:50
If `localStorage.setItem("a1")` exists , create `localStorage.setItem("a2")` ; the two properties, values would be unique ? Is concern that `localStorage.setItem("a2")` would access `localStorage.setItem("a1")` ? If yes, why ? — guest271314, Feb 14 '16 at 00:54
_“However, there is no way of ensuring that one of the scripts won't try to edit the contents of another script”_ – so what/where from are those scripts? Why would they behave in such a “malicious” manner? — CBroe, Feb 14 '16 at 00:56
To both gues271314 and CBroe (I can't tag more than one person), it executes arbitrary scripts that the user feeds it (this is a "framework" of sorts). The issue is that one of the scripts that the user feeds might act maliciously :) — MiJyn, Feb 14 '16 at 00:58
Prevent the scripts from acting maliciously ? Again, not certain why `localStorage` is being used here ? What do scripts do ? Can you create a plnkr http://plnkr.co to demonstrate ? — guest271314, Feb 14 '16 at 00:59
_"it executes arbitrary scripts that the user feeds it"_ How would a script affect another user ? The user would effectively be acting maliciously towards themselves ? — guest271314, Feb 14 '16 at 01:05
@guest271314 Here is an example: http://paste.ubuntu.com/15049909/ . As you can see, the malicious script can do whatever it wants. — MiJyn, Feb 14 '16 at 01:32
@MiJyn Yes, though user would be calling a malicious script that would only affect themselves ? — guest271314, Feb 14 '16 at 01:34
The issue is if multiple scripts were to be run, a malicious script could edit others' scripts (and their data) :) — MiJyn, Feb 14 '16 at 01:36

Multiple 'about:blank' - localStorage

0 Answers0