Hi Steven, I am using ng-storage and injecting $sessionStorage....Is this ok? Or how > do you access local storage within Angular? > This does what you need. Personally I would not add an extra 3rth party for local storage support. Using it is just 1 line of JS.
So....does this sound ok > > 1) A link enabled https to my route page "booking" > 2) Send angular form data on booking route via https to my php script > 3) php script sends data cross domain via https to 3rd party api > 4) php script returns the data back to my booking page and controller. > 5) booking controller saves the response as local storage > 6) booking page then redirects to https confirmation route > 7) confirmation controller or factory picks up localstorage and loads it > into scope for viewing > Looks good to me, and will do what you want. Of course you have to take security in account. However, if your app is targeted with an attack, using localstorage isn't your biggest problem. I can go in about attack surfaces and stuff like that, but rest assured that what you have read in the links provided by Radek, only touches the surface of this problem. Thing is, you can't secure anything that's outside your control. Web-apps are inherently insecure. That's why you need to double-check everything on your server. There is only so much you can do to protect your app. To be fair, angular apps are already fairly secure. Angular takes the biggest sting out of the whole problem. Not using cookies takes you a step along. HTTPS is mandatory. If you do that, you are pretty secure, unless someone dives deeply into your app, and writes a specialized attack. Then he has to find a way to inject this attack, that is also not as easy as it sounds. (httpS/angular). If you don't put any 3rth party stuff in your page(think adds/social stuff) injecting an attack becomes even more unlikely. I hope this helps you a bit? Regards Sander -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
