🔒 Security

Form Guardian is designed with security and privacy in mind. Learn how your data is protected.

🛡️ Core Security Features

1. Automatic Password Exclusion

By default, Form Guardian automatically excludes password fields from autosave:

// These fields are NEVER saved
<input type="password" name="password" />
<input type="password" name="confirm_password" />
<input type="password" name="old_password" />

Detection methods:

type="password" attribute
Field names containing "password" (case-insensitive)
Custom blacklist patterns

2. Sensitive Field Blacklist

Built-in blacklist for common sensitive fields:

// Automatically excluded fields:
- password, passwd, pwd
- cvv, cvc, ccv
- ssn, social_security
- credit_card, card_number
- secret, token, api_key

3. Custom Blacklist

Add your own sensitive fields:

useFormAutosave('my-form', {
  blacklist: [
    'input[name="ssn"]',
    'input[name="tax_id"]',
    '[data-sensitive="true"]',
    '.confidential',
  ],
});

Examples:

// Custom sensitive fields
<input name="ssn" /> {/* Excluded */}
<input name="tax_id" /> {/* Excluded */}
<input data-sensitive="true" /> {/* Excluded */}
<textarea className="confidential" /> {/* Excluded */}

🔐 Data Storage Security

IndexedDB Encryption

Form Guardian stores data in IndexedDB, which provides:

✅ Origin isolation - Data accessible only from same origin
✅ User-space storage - Stored on user's device
✅ Browser sandboxing - Protected by browser security
✅ No cloud sync - Data never leaves user's device

Storage Location

Browser IndexedDB → Database: "form-guardian-db"
                 → Store: "drafts"
                 → Key: formId
                 → Value: { values, metadata }

Security implications:

✅ Data stays local (no network transmission)
✅ Isolated per browser profile
✅ Cleared when user clears browsing data
❌ Not encrypted at rest (OS-level encryption recommended)

Recommended: OS-Level Encryption

For sensitive applications, enable OS disk encryption:

Windows: BitLocker
macOS: FileVault
Linux: LUKS/dm-crypt

🌐 Network Security

No External Calls

Form Guardian NEVER makes network requests:

// ❌ Form Guardian does NOT do this:
fetch('https://third-party.com/track', { data });
analytics.send('form-data', values);
cdn.upload('draft', formData);

Zero telemetry - No tracking, no analytics, no external dependencies.

Offline-First

All operations happen locally:

✅ Save → IndexedDB (local)
✅ Load → IndexedDB (local)
✅ Clear → IndexedDB (local)

❌ No API calls
❌ No CDN uploads
❌ No third-party services

👤 Privacy & Compliance

Form Guardian is GDPR-friendly by design:

✅ Data Minimization - Only form values stored
✅ User Control - User can clear drafts anytime
✅ Local Storage - No data processor involved
✅ No Tracking - Zero telemetry
✅ Transparency - Open source code

User Rights

Users can exercise their rights:

// Right to erasure
await clearDraft('form-id');

// Right to access
const draft = await loadDraftCore('form-id');

// Right to data portability
const allDrafts = await getAllDrafts();
const json = JSON.stringify(allDrafts);

Form Guardian does not use cookies. All storage is in IndexedDB.

🔍 Best Practices

1. Audit Sensitive Forms

Review what data is being saved:

useFormAutosave('payment-form', {
  onBeforeSave: (values) => {
    console.log('Saving:', values);
    
    // Verify no sensitive data
    if (values.cvv || values.password) {
      console.error('⚠️ Sensitive data detected!');
    }
  },
});

2. Use Whitelist for Sensitive Forms

For forms with mostly sensitive data, use whitelist instead:

// Only save these specific fields
useFormAutosave('payment-form', {
  whitelist: [
    'input[name="billing_name"]',
    'input[name="billing_address"]',
    'input[name="billing_city"]',
  ],
  // Everything else is ignored
});

3. Set Appropriate TTL

Don't keep sensitive drafts forever:

// Auto-delete after 1 hour
useFormAutosave('sensitive-form', {
  ttl: { hours: 1 },
});

// Auto-delete after 15 minutes
useFormAutosave('payment-form', {
  ttl: { minutes: 15 },
});

4. Clear on Submit

Always clear drafts after successful submission:

const handleSubmit = async (data) => {
  try {
    await api.submit(data);
    await clearDraft(); // ✅ Clear sensitive draft
  } catch (error) {
    // Draft remains for retry
  }
};

5. Disable for Sensitive Forms

For highly sensitive forms, consider disabling autosave:

// Don't use Form Guardian for:
- Credit card details (except billing address)
- Social security numbers
- Bank account numbers
- Medical records
- Legal documents requiring signatures

🚨 Security Considerations

What Form Guardian DOES NOT Protect Against

❌ XSS Attacks - Sanitize user input on server
❌ CSRF - Use CSRF tokens
❌ Session hijacking - Use secure session management
❌ Man-in-the-middle - Use HTTPS
❌ Physical access - Use OS-level encryption

Form Guardian focuses on draft storage security, not general web security.

Threat Model

Protected against:

✅ Accidental data loss (refresh, crash)
✅ Unauthorized access via other origins
✅ Data leakage via network

NOT protected against:

❌ XSS vulnerabilities in your app
❌ Compromised user device
❌ Browser extensions with IndexedDB access
❌ Physical access to unlocked device

🔬 Security Audits

Verify Excluded Fields

Test what's being saved:

const { getCurrentValues } = useFormAutosave('test-form');

// In dev console
const values = await getCurrentValues();
console.log('Saved fields:', Object.keys(values));

// Verify no password/cvv/etc

Review Dependencies

Form Guardian has zero external dependencies:

{
  "dependencies": {} // No third-party code
}

Only peer dependencies (React, if using @form-guardian/react).

Inspect Source Code

Form Guardian is open source:

git clone https://github.com/Tishkin/form-guardian-examples
cd form-guardian-examples

# Review source
cat packages/core/src/index.ts
cat packages/dom/src/index.ts
cat packages/react/src/index.ts

📋 Security Checklist

Before deploying forms with autosave:

Verified password fields are excluded
Added custom blacklist for sensitive fields
Set appropriate TTL for drafts
Clear drafts on successful submit
Tested in dev console what's being saved
Considered using whitelist for sensitive forms
Documented privacy policy updates
Enabled HTTPS for production
Informed users about draft storage

🆘 Reporting Security Issues

Found a security vulnerability?

Do NOT open a public issue.

Instead:

Email: security@form-guardian.com
Include:
- Description of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (optional)

We'll respond within 48 hours.

Best Practices - General guidelines
API Reference - Blacklist/whitelist options
Troubleshooting - Common issues

Your data security is our priority. 🔒

🛡️ Core Security Features​

1. Automatic Password Exclusion​

2. Sensitive Field Blacklist​

3. Custom Blacklist​

🔐 Data Storage Security​

IndexedDB Encryption​

Storage Location​

Recommended: OS-Level Encryption​

🌐 Network Security​

No External Calls​

Offline-First​

👤 Privacy & Compliance​

GDPR Compliance​

User Rights​

Cookie-Free​

🔍 Best Practices​

1. Audit Sensitive Forms​

2. Use Whitelist for Sensitive Forms​

3. Set Appropriate TTL​

4. Clear on Submit​

5. Disable for Sensitive Forms​

🚨 Security Considerations​

What Form Guardian DOES NOT Protect Against​

Threat Model​

🔬 Security Audits​

Verify Excluded Fields​

Review Dependencies​

Inspect Source Code​

📋 Security Checklist​

🆘 Reporting Security Issues​

📚 Related Documentation​