// storageGuard.js
// Lowercase fragments that mark a Web Storage key as sensitive.
// shouldBlock() lowercases the key and runs a plain substring test against
// each entry, so matching is deliberately broad:
//   - 'auth' also matches "author", 'access' also matches "accessibility";
//   - 'user' already covers 'userid' and 'user_id'.
// Only key names are screened; the value being stored is never inspected.
const RESTRICTED_SUBSTRINGS = [
  'token',
  'access',
  'refresh',
  'userid',
  'user_id',
  'user',
  'profile',
  'email',
  'phone',
  'answers',
  'interest',
  'riasec',
  'salary',
  'ssn',
  'auth',
];
/**
 * Decide whether a storage key looks like it names sensitive data.
 *
 * The key is stringified and lowercased, then checked for any entry of
 * RESTRICTED_SUBSTRINGS as a substring (not a whole-word match).
 * Falsy keys (undefined, null, 0, '') are treated as the empty string and
 * therefore never match.
 *
 * @param {*} key - Key passed to setItem.
 * @returns {boolean} true when the key contains a restricted fragment.
 */
function shouldBlock(key) {
  const normalized = (key ? String(key) : '').toLowerCase();
  for (const fragment of RESTRICTED_SUBSTRINGS) {
    if (normalized.includes(fragment)) {
      return true;
    }
  }
  return false;
}
/**
 * Replace `storage.setItem` with a wrapper that refuses keys flagged by
 * shouldBlock() and forwards every other call to the original method.
 *
 * Coverage is limited to calls made through `storage.setItem(...)` on this
 * object. Writes that use property assignment (`storage.someKey = value`) or
 * call `Storage.prototype.setItem` directly do not pass through the wrapper,
 * so treat this as a development guard rail rather than a security boundary.
 *
 * NOTE(review): on a real Storage object, property assignment may be routed
 * through the named-property setter, in which case the line below would
 * create a stored entry called "setItem" instead of shadowing the method.
 * Confirm the override takes effect in the target browsers; patching
 * `Storage.prototype.setItem` is the usual alternative.
 *
 * @param {Storage|null|undefined} storage - Storage area to guard; a falsy
 *   value is ignored.
 * @returns {void}
 */
function wrap(storage) {
  if (!storage) {
    return;
  }

  // Bind first so the forwarded call keeps `storage` as its receiver.
  const forwardSetItem = storage.setItem.bind(storage);

  storage.setItem = (k, v) => {
    if (!shouldBlock(k)) {
      return forwardSetItem(k, v);
    }
    // The message names the key only; the value is never echoed.
    throw new Error(`[storageGuard] Blocked setItem(\"${k}\"). Sensitive data is not allowed in Web Storage.`);
  };
}
/**
 * Install the setItem guard on `window.localStorage` and
 * `window.sessionStorage`.
 *
 * Each area is handled in its own try/catch, so a failure on one (for example
 * the property access throwing) does not prevent the attempt on the other.
 * Errors are swallowed: if installation fails, nothing is reported and the
 * storage area stays unguarded.
 *
 * Not idempotent: wrap() keeps no marker, so every call adds another wrapper
 * layer around the current setItem.
 *
 * @returns {void}
 */
export function installStorageGuard() {
  for (const area of ['localStorage', 'sessionStorage']) {
    try {
      wrap(window[area]);
    } catch {
      // Best effort: an unavailable storage area is skipped silently.
    }
  }
}