Fix deep linking

[bkeepers]

Once you navigate to an item, refreshing the page breaks the layout.

Before refresh: http://cl.ly/image/0L3f0d3q2T33
After refresh: http://cl.ly/image/0L1q0H2O232J

I just need to make sure the backbone router properly loads each layout section when reloading.

[bkeepers]

With the pki branch merged, this issue changed a bit. Now it always redirects to the unlock screen, and then to the root.

[joeyw]

One solution to this would be to use sessionStorage for the private keys password, the keypair could then be unlocked between refreshes. The downside of course is the keypair password sitting in plain text.

Another solution would be to store the current hash whenever we are redirected to the unlock page, then once unlocked, try to load the page.

If either of these ideas sound good, let me know and I will code it up.

[bkeepers]

I'm already a little uneasy about security in the browser. Storing the password or decrypted private key makes me even more nervous.

Would you be willing to do a little research about local storage security? I'd like to know:

• How is it persisted on disk?
• How can it be accessed through the browser/extensions?
• Is there any way to securely store it?

[joeyw]

Javascript Cryptography Considered Harmful sheds some insight that maybe interesting to this project.

1. With that said, localStorage is not suitable for sensitive data. Safari and Chrome use sqlite for storage. For instance, I've ran Swordfish locally and I the private key it generated is stored in plaintext with cat ~/Library/Application\ Support/Google/Chrome/Default/Local\ Storage/http_localhost_3000.localstorage.
2. There is a same-origin policy for localstorage but XSS and injected extension give up the data easily.
3. I can't answer this.

[bkeepers]

I opened up #28 to discuss the security aspects more. In the mean time, I would punt on storing the passphrase or decrypted private key.