Saturday, October 9 2010

Clearing Safari’s cache of HTML5 local storage

One of the few things that Safari 5 does not give you a way to avoid or clear is HTML5 local storage. This is separate from the setting for HTML5 local database storage. Clearing it is necessary not only to avoid things like the new evercookies that sites (such as polldaddy) are starting to use, but also to deal with sites like meebo that use it to store large chunks of custom JavaScript locally.

Fortunately, there’s nothing obscure about how it’s stored, and the method for stopping a particular site from ever using it again is easy.

To clear out the local storage, exit Safari and run:

rm -rf ~/Library/Safari/LocalStorage/http*

(don’t delete everything, since Safari Extensions store their settings here as well)

To prevent a particular site from using local storage ever again (say, samy.pl, home of and test site for evercookies), exit Safari and run these two commands:

cp /dev/null ~/Library/Safari/LocalStorage/http_samy.pl_0.localstorage
chmod 0 ~/Library/Safari/LocalStorage/http_samy.pl_0.localstorage

To see what a site is storing on your machine (all on one line):

sqlite3 ~/Library/Safari/LocalStorage/http_samy.pl_0.localstorage "select * from ItemTable"

The best solution would be a small script to whitelist the few domains you’re willing to allow persistent storage from, and nuke the rest whenever they show up. Safari caches these SQLite databases in memory during a session, so you need to restart the browser to really clear them.
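
One way to write the whitelist script described above; this is an added example, not the author's own script. The WHITELIST hosts are placeholders, and treating zero-length files as the block placeholders created with cp /dev/null is an assumption of this example, so those are left in place.

```shell
#!/bin/sh
# Added example. Exit Safari first, then run: sh purge_localstorage.sh --run
# Placeholder whitelist (assumption): hosts allowed to keep local storage.
WHITELIST="example.com example.org"

# host_of FILE: extract the host from scheme_host_port.localstorage
host_of() {
    base=${1##*/}
    base=${base%.localstorage}
    rest=${base#*_}              # drop the "http_" / "https_" prefix
    printf '%s\n' "${rest%_*}"   # drop the "_port" suffix
}

# is_whitelisted HOST: succeed if HOST equals, or is a subdomain of, an entry
is_whitelisted() {
    for d in $WHITELIST; do
        case "$1" in
            "$d"|*."$d") return 0 ;;
        esac
    done
    return 1
}

# purge_localstorage DIR: delete non-whitelisted http/https stores in DIR
# and print how many were removed. Extension settings do not match http*.
purge_localstorage() {
    removed=0
    for f in "$1"/http*.localstorage; do
        [ -e "$f" ] || continue   # glob matched nothing
        [ -s "$f" ] || continue   # empty file: assumed block placeholder, keep
        if ! is_whitelisted "$(host_of "$f")"; then
            rm -f -- "$f" && removed=$((removed + 1))
        fi
    done
    echo "$removed"
}

if [ "${1:-}" = "--run" ]; then
    purge_localstorage "$HOME/Library/Safari/LocalStorage"
fi
```

Deleting a zero-length placeholder would let the site create a fresh database on its next visit, which is why the loop skips empty files instead of removing everything that matches http*.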

My several-times-a-week routine is now:


  1. Reset Safari menu (clear history, reset top sites, remove webpage preview images, empty the cache, clear the downloads window, remove saved names and passwords, remove all other autofill form text, close all Safari windows).
  2. Exit Safari.
  3. Clear all non-whitelisted cookies with a custom script.
  4. Clear all non-whitelisted local storage with a custom script.
  5. (all Flash local storage was already permanently disabled, which has only ever broken one site’s functionality (Indiemapper))

Note that it’s also easy to change the data sites are stuffing into local storage. The results could be whimsical or malicious, depending on how intelligent the web developer was.

On a related note, the HTML5 local database storage is in ~/Library/Safari/Databases, if you’ve allowed any sites to use it. I keep it turned off, myself.