LOCAL STORAGE | 5 MIN READ

Keep secrets out of local storage

Assert that no obviously sensitive value (a password, a card number, raw personal data) is sitting in storage that any script could read.

The problem

Anything in localStorage is readable by any JavaScript on the page, which means a single cross-site scripting flaw turns it into an open safe. Storing a password, a full card number, or raw personal data there is a finding waiting for an auditor, and it creeps in casually: a developer caches a form value to be helpful, or a debug build leaves data behind. The app works perfectly. The data is one injected script away from leaving.

The idea

localStorage is a glass box; anyone can see in. This check makes sure nothing that belongs in a vault is sitting in the glass box.

What you will catch

  • A password or card number cached in client storage
  • Raw personal data left in storage by a helpful or debug feature
  • A finding a security review will flag, caught before it ships

How it works

Kane CLI reads the keys and values in storage. You assert that no key holds an obviously sensitive item, the things that should never live in a place any script can read.

Run it now

Point this at your own app to scan its real storage.

kane-cli --tui
# then paste this objective:
Go to https://github.com and let the page fully load.
Assert: localStorage has no key named 'password', 'card_number' or 'ssn'.

Or one line, for CI or sharing

kane-cli run "Go to https://github.com and let the page fully load.
Assert: localStorage has no key named 'password', 'card_number' or 'ssn'." --agent

What prints

Example run. Your numbers will vary by site, build and run. The PASS / FAIL and the zeros are the stable result; the raw timings and counts are illustrative.

▶ navigate + read storage                       ok
▶ assert no sensitive keys     0 found          ✓ PASS

RESULT  PASS   exit 0   ~45s   ~7 to 15 credits

# a cached secret would print:
▶ assert no sensitive keys     1 found: "card_number"   ✗ FAIL
RESULT  FAIL   exit 1

Adapt it to your app

Go to <your app> and complete <a flow that handles sensitive data>.
Assert: localStorage has no key named "password", "card_number", "ssn" or "<your sensitive field>".

Why it works

Kane CLI reads localStorage keys directly, so a check for sensitive key names runs in plain English. localStorage is origin scoped, so the scan reflects exactly what this site stored.
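The same check written as plain browser JavaScript, as an added example that is not Kane CLI's own code: it walks a Storage object through the standard length / key(i) / getItem API, normalises key names so that card_number, cardNumber and CARD-NUMBER all match the denylist, and goes one step beyond the key-name check above by also flagging values that look like a card number (a Luhn-valid digit run) or an SSN under an innocent key. The fakeStorage object and its entries are constructed sample data; in a browser, pass window.localStorage instead.

```javascript
// Added example, not Kane CLI code. Runs in Node against a constructed Storage-like object.
const SENSITIVE_KEYS = ['password', 'cardnumber', 'ssn'];
// "card_number", "cardNumber" and "CARD-NUMBER" all normalise to "cardnumber".
const normaliseKey = (k) => k.toLowerCase().replace(/[^a-z0-9]/g, '');

// Luhn check: every real payment card number passes it, so a 13-19 digit
// run that passes is worth flagging even when the key name looks harmless.
function luhnValid(digits) {
  let sum = 0, double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Heuristics for values that look sensitive regardless of their key name.
function looksSensitiveValue(value) {
  const digits = value.replace(/[ -]/g, '');
  if (/^\d{13,19}$/.test(digits) && luhnValid(digits)) return 'card-like value';
  if (/^\d{3}-\d{2}-\d{4}$/.test(value)) return 'ssn-like value';
  return null;
}

// Walk any Storage object through the standard length / key(i) / getItem API.
function scanStorage(storage, sensitiveKeys = SENSITIVE_KEYS) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? '';
    if (sensitiveKeys.includes(normaliseKey(key))) {
      findings.push({ key, reason: 'sensitive key name' });
      continue;
    }
    const reason = looksSensitiveValue(value);
    if (reason) findings.push({ key, reason });
  }
  return findings;
}

// Constructed stand-in for window.localStorage so the example runs outside a browser.
function fakeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}
const sample = fakeStorage({
  theme: 'dark',
  cardNumber: '4111 1111 1111 1111', // flagged by key name
  checkoutDraft: '4242424242424242',  // innocent key, but a Luhn-valid card number
  sessionSeq: '1234567890123',        // 13 digits that fail Luhn: not flagged
});
```

scanStorage(sample) returns two findings, cardNumber (sensitive key name) and checkoutDraft (card-like value); an empty array is the PASS condition for a CI gate.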

What it unlocks

A security best practice becomes a gate. Sensitive data in client storage fails the build the day it appears, instead of surfacing in a penetration test months later.

