If you are caching private information you are going to have a bad time. The expiration feature is misleading. It will only run when the site with the library is loaded.
So if you're in a random internet café checking your email on a site that uses this library to cache your emails and then close the browser and leave all that private information, your email content, is cached on that browser. If a savvy enough person saw you on this site and knew what it did that individual could go to the browser and simply use Web Inspector, in the case of Chrome, and check out what was cached and read all of your cached emails.
There is no way for the client to know it's not a secure environment unless you ask the user. You also could delete the cache on log out, but what you can't do is delete the cache when the browser or tab closes, because then you don't have a cache at all. And more than likely most devs wont even think on this and just imagine that their cache will expire at some point.
Gmail solves this problem by requiring a per browser opt-in via, on Chrome at least, a browser extension for client side caching.
I haven't investigated to see if there's some way to use the HTML5 cache.appcache window.applicationCache to solve this problem. That actually has an expire.
So if you're in a random internet café checking your email on a site that uses this library to cache your emails and then close the browser and leave all that private information, your email content, is cached on that browser. If a savvy enough person saw you on this site and knew what it did that individual could go to the browser and simply use Web Inspector, in the case of Chrome, and check out what was cached and read all of your cached emails.
There is no way for the client to know it's not a secure environment unless you ask the user. You also could delete the cache on log out, but what you can't do is delete the cache when the browser or tab closes, because then you don't have a cache at all. And more than likely most devs wont even think on this and just imagine that their cache will expire at some point.
Gmail solves this problem by requiring a per browser opt-in via, on Chrome at least, a browser extension for client side caching.
I haven't investigated to see if there's some way to use the HTML5 cache.appcache window.applicationCache to solve this problem. That actually has an expire.