I am planning to use IndexedDB to store private messages queue while they will be sent on the background, especially if the page will be offline for a moment and I can retry sending them. And I want to use Service Worker to cache GET requests results (some of which are private messages lists).
It looks very unsafe that I can just open the Application tab and directly see the data from both of them there.
I know that both use same-origin-only policy, but I am not sure if they're hackable anyway. Should I look into encrypting sensitive data before putting it into IndexedDB and SW, if yes, what is the best way to do so?
what if user accidentally installed a phishing package- that sounds like their issue, not yours :psomeone can inject their own service worker on my websitesecure your website - nothing is 100% safe on the internet - Jaromanda X