将 JavaScript 文件作为文件的离线版本存储在 localStorage 中是否存在安全风险？

Question

I have an app that reads the contents of example.js using an AJAX call to example.php , then saves example.js to a variable, localStorage.exampleJS , every time the user opens the app on their phone. The AJAX call uses the following jQuery:

$.ajax({
    type: "POST",
    url: "https://example.com/example.php",
    success: function(response){
        localStorage.exampleJS = response;
    },
});

example.php contains the following:

<?php
    echo file_get_contents('example.js');
?>

In the event that the the user doesn't have an internet connection, I run the offline version using the following jQuery:

if(navigator.onLine){
    $("head").append("<script src='https://example.com/example.js'></script>");
}
else{
    $("head").append("<script>" + localStorage.exampleJS + "</script>");    
}

I know this could potentially have security risks. Is this a bad practice? Are there security risks doing saving an offline version this way? Is there a better way to do this? Thanks!

Answer 1

I think there is no harm storing file in local-storage, but have to keep following things in your mind.

• File size should not be more than the local-storage size. at any point of time you could utilized full local-storage then you would not be able to store more file.
• Ensure that your all files are uglify and minify, since it will help you in security and space optimization. As uglfy is not human readable so anyone try to read it he is not able to read as file is in uglify form, and minify helps to reduce the file size.