Fortunately, there’s nothing obscure about how it’s stored, and the method for stopping a particular site from ever using it again is easy.
To clear out the local storage, exit Safari and run:
rm -rf ~/Library/Safari/LocalStorage/http*
(don’t delete everything, since Safari Extensions store their settings here as well)
To prevent a particular site from using local storage ever again (say, samy.pl, home of and test site for evercookies), exit Safari and run these two commands:
cp /dev/null ~/Library/Safari/LocalStorage/http_samy.pl_0.localstorage
chmod 0 ~/Library/Safari/LocalStorage/http_samy.pl_0.localstorage
To see what a site is storing on your machine (all on one line):
”select * from ItemTable”
The best solution would be a small script to whitelist the few domains you’re willing to allow persistent storage from, and nuke the rest whenever they show up. Safari caches these Sqlite databases in memory during a session, so you need to restart the browser to really clear them.
My several-times-a-week routine is now:
Note that it’s also easy to change the data sites are stuffing into local storage. The results could be whimsical or malicious, depending on how intelligent the web developer was.
On a related note, the HTML5 local database storage is in ~/Library/Safari/Databases, if you’ve allowed any sites to use it. I keep it turned off, myself.