jes
commented
7 years ago E.g. check out https://ipfs.io/ipfs/QmYuNaKwYFjXipWufudu9Ru8NweJ322qwsPZWatWij1i2f after storing something using markup.rocks - it's a completely unrelated IPFS page but has access to all of the content.
This application uses LocalStorage to store the "Last File" (filename) and "Last Document" (file content) keys.
Since markup.rocks is distributed over IPFS, and since every IPFS page is accessed from the same domain (the gateway), these keys are available to all other IPFS pages.
I'm pretty sure this isn't the only application that is vulnerable, and I don't yet know what the best fix is, but it's at least worth being aware of this.