While this could be useful, I think it could pose a security threat to a user’s computer. People will always exploit features, so it’s in the Scratch Teams’s best interest to keep storage based in variables and secure cloud storage. It’s the same reason why the Scratch Team won’t add API requests. People could exploit that in a ton of ways. (Like a DDoS attack, for instance). If a project makes a request to a smaller website, and that project gets popular, those requests will slow down the website. It’s the same concept for local storage. Also, because of laws in the UK with cookies and local storage, there could be a chance there may be legal work involved.

Will they save to Chrome cache?

a better solution might be to store the data on the scratchers account.

weegaweek wrote:

a better solution might be to store the data on the scratchers account.

I think there should be options for both:

Local (no account required):

save locally [data] as [key] shared between saves :: variables
<is there [key] saved locally for all saves?:: variables> delete [key] from all saves locally:: variables
(retrieve [key] locally shared between saves:: variables) delete [key] from all saves locally:: variables
delete [key] from all saves locally:: variables

save locally [data] as [key] under current save:: variables
<is there [key] for current save?:: variables> delete [key] from all saves locally:: variables
(retrieve [key] locally under current save:: variables) delete [key] from all saves locally:: variables
delete [key] from current save:: variables

switch locally to save [file] :: variables

Here are account saves (requires account):

save globally [data] as [key] shared between saves :: variables
<is there [key] saved globally for all saves?:: variables> delete [key] from all saves globally:: variables
(retrieve [key] globally shared between saves:: variables) delete [key] from all saves globally:: variables
delete [key] from all saves globally:: variables

save globally [data] as [key] under current save:: variables
<is there [key] for current save?:: variables> delete [key] from all saves globally:: variables
(retrieve [key] globally under current save:: variables) delete [key] from all saves globally:: variables
delete [key] from current save globally:: variables

switch globally to save [file] :: variables

Hello fellow scratchers,
In JS syntax, there is a function called localStorage. It is basically a way to store data permanently on the computer unlike variables which will expire when the page is closed.
I am willing to suggest that a block for this purpose is made so that data can be stored permanently on scratch but with no need for the cloud (would only be for that single computer)! It would be another variable choice like cloud, instead local and would be available to new scratchers too.
It would be great to see others ideas and opinions on this idea!

Wow, this idea is amazing! I love it!

Sadly, it appears this is a duplicate topic. Here's what I found:
-March '19
-November '19

I think a Scratch Team member should merge those two thread.

Anyway, for now please continue the discussion in the November link.

there is also this, which is older than both those threads, as well as more detailed. but either way this topic is a duplicate, so i will report it to be closed.

PumpkinBear111 wrote:

What would this be used for? Please explain some more.

To save data?

Couldn't you completely fill someone's hard drive with this?

fdreerf wrote:

Couldn't you completely fill someone's hard drive with this?

No, local storage is stored in the browser

fdreerf wrote:

Couldn't you completely fill someone's hard drive with this?

If they have a 10 MB hard drive, yeah.
Browsers limit local storage to between 3 and 10 MB.

1132262 wrote:

If they have a 10 MB hard drive, yeah.
Browsers limit local storage to between 3 and 10 MB.

But remember that characters in localStorage would be bits, so this would be a byte on someone's hard drive: 11111111

-Snipet- wrote:

~snip~

localStorage won't pose a threat to users because the way localStorage works is that it saves stuff locally to the browser (so like in some files on your computer), no one else can take this data as nothing would be posted on the web!

Yeah but couldn't someone overwrite whatever is in there or inject malicious code inside?

Someone could use this to get the scratch token, then upload it to cloud data, and then use this token for malicious purposes.

fdreerf wrote:

Yeah but couldn't someone overwrite whatever is in there or inject malicious code inside?

badatprogrammingibe wrote:

Someone could use this to get the scratch token, then upload it to cloud data, and then use this token for malicious purposes.

No, in JS, the localStorage function simply caches data to the browsers local storage. This means only people in that account on that computer can view the data. It is pretty much just permanent variables, there is no interaction with the cloud, api or any other sources thus posing no threats

ContourLines wrote:

fdreerf wrote:

Yeah but couldn't someone overwrite whatever is in there or inject malicious code inside?

badatprogrammingibe wrote:

Someone could use this to get the scratch token, then upload it to cloud data, and then use this token for malicious purposes.

No, in JS, the localStorage function simply caches data to the browsers local storage. This means only people in that account on that computer can view the data. It is pretty much just permanent variables, there is no interaction with the cloud, api or any other sources thus posing no threats

Couldn't still inject something that does harm to the computer?

fdreerf wrote:

Couldn't still inject something that does harm to the computer?

Ah, that's what you mean! It still won't though, as it would be objects (so just bools, nums and strings) and probably limited to integers. It is impossible to download a virus like that

ContourLines wrote:

fdreerf wrote:

Couldn't still inject something that does harm to the computer?

Ah, that's what you mean! It still won't though, as it would be objects (so just bools, nums and strings) and probably limited to integers. It is impossible to download a virus like that

How do we know that this won't happen:
“Download this, convert it to (some format), open it!!!!”
Some people are surprisingly gullible.

ContourLines wrote:

fdreerf wrote:

Yeah but couldn't someone overwrite whatever is in there or inject malicious code inside?

badatprogrammingibe wrote:

Someone could use this to get the scratch token, then upload it to cloud data, and then use this token for malicious purposes.

No, in JS, the localStorage function simply caches data to the browsers local storage. This means only people in that account on that computer can view the data. It is pretty much just permanent variables, there is no interaction with the cloud, api or any other sources thus posing no threats

Scratch stores the current login data in localStorage, meaning that someone could access your login token.