sleepy/odysseus
1
0
Fork
You've already forked odysseus
 0
Code Issues 9 Pull requests 10 Projects Releases Packages Wiki Activity Actions

[frontend] 240 localStorage/sessionStorage writes with no size limits or expiry #794

New issue
Open
opened 2026-06-03 00:40:55 +02:00 by sleepy · 0 comments
sleepy commented 2026-06-03 00:40:55 +02:00
Owner
Copy link

Finding

Frontend JS makes 240 localStorage/sessionStorage calls across all files. There is no centralized storage management — each module writes independently with no TTL, eviction policy, or size monitoring.

Impact

  • No coordination between modules on storage keys — potential for key collisions
  • localStorage has a ~5MB limit per origin; with 240+ writes across features, hitting the quota is realistic
  • No error handling for storage quota exceeded (throws QuotaExceededError)
  • Stale data persists forever — no expiry mechanism
  • In a multi-user shared-browser scenario, one user's cached data leaks to the next

Recommendation

  1. Create a centralized storage helper in ui.js that handles quota errors gracefully
  2. Add TTL support for cached data
  3. Namespace all keys by module/feature to prevent collisions
  4. Add try/catch around all localStorage writes (or use the centralized helper)
## Finding Frontend JS makes **240 localStorage/sessionStorage** calls across all files. There is no centralized storage management — each module writes independently with no TTL, eviction policy, or size monitoring. ## Impact - No coordination between modules on storage keys — potential for key collisions - localStorage has a ~5MB limit per origin; with 240+ writes across features, hitting the quota is realistic - No error handling for storage quota exceeded (throws QuotaExceededError) - Stale data persists forever — no expiry mechanism - In a multi-user shared-browser scenario, one user's cached data leaks to the next ## Recommendation 1. Create a centralized storage helper in ui.js that handles quota errors gracefully 2. Add TTL support for cached data 3. Namespace all keys by module/feature to prevent collisions 4. Add try/catch around all localStorage writes (or use the centralized helper)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
fix/effective-mode-undefined
fix/async-generator-500
refactor/split-small-routes-779
refactor/split-session-routes-778
refactor/split-llm-core-700
refactor/split-chat-routes-724
refactor/split-model-routes-701
refactor/split-skills-routes-777
refactor/split-document-routes-769
refactor/split-ai-interaction-722
refactor/split-cookbook-routes-775
refactor/split-builtin-actions-723
refactor/split-task-scheduler-774
refactor/tool-execution-split-667
fix/rag-health-coordinator-756
fix/agent-core-missing-round-loop
fix/rag-health-check-756
fix/missing-readmes-782
fix/search-files-split-772
fix/dedup-search-impl-771
fix/mcp-integrations-split-781
fix/cookbook-helpers-split-785
fix/search-cross-feature-776
fix/graceful-llm-degradation-770
fix/dedup-research-handler-773
fix/cross-route-coupling-780
fix/skills-typed-request-762
fix/chat-stream-pydantic-731
fix/chat-handler-imports-737
fix/public-llm-exports-730
fix/dedup-search-content-784
fix/dedup-stream-parse-735
fix/stream-error-boundary-734
fix/typed-event-names-786
fix/dedup-js-utilities-792
fix/skills-index-lookup-761
fix/xss-charname-innerhtml-788
fix/coderunner-document-write-789
fix/ai-interaction-thread-safety-729
fix/client-side-api-key-regex-793
fix/dead-loadingtext-796
fix/active-streams-eviction-736
fix/builtin-actions-sqlite-orm-732
fix/llm-core-thread-safety-709
fix/singleton-thread-safety-768
fix/video-upload-multimodal-826
fix/mic-button-audio-825
fix/multimodal-capabilities-827
fix/dedup-system-msg-717
fix/service-dead-calls-750
fix/db-session-context-manager-757
fix/dedup-llmconfig-710
fix/keyword-lists-764-v2
fix/keyword-lists-764
fix/llm-cache-ttl-708
fix/validate-config-711
fix/totp-constant-time-689
fix/admin-tools-constant-681
fix/dedup-truncate-670
fix/threadsafe-extractions-audit-754
fix/dedup-json-io-767
fix/695-deduplicate-admin-check
fix/upload-auth-dedup-765
fix/705-deduplicate-network-constants
fix/deduplicate-chunking-749
fix/760-deduplicate-embed
fix/dedup-validation-759
fix/748-deduplicate-tokenization
fix/add-readmes-728-742-782
fix/key-file-permissions-706
fix/embedding-retry-766
fix/deterministic-doc-ids-753
fix/search-facade-783
fix/remove-dead-memory-746
fix/remove-rag-manager-747
fix/dead-docstring-763
refactor/split-tool-schemas-666
refactor/split-agent-loop-664
refactor/split-tool-implementations-665
fix/mark-stopped-500-663
fix/streamingtts-scope-662
fix/code-block-tool-parsing-661
No results found.
Labels
Clear labels   
area:chat

   
area:core

   
area:llm

   
area:routes

   
area:tools

   
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
refactor

   
wontfix
This will not be worked on

No labels
area:chat
area:core
area:llm
area:routes
area:tools
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
refactor
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
sleepy/odysseus#794
No description provided.