Skip to main content
The no-browser-storage rule prevents usage of browser storage APIs (localStorage and sessionStorage).

Rule details

UI extensions run in a sandboxed web worker environment where browser storage APIs (localStorage and sessionStorage) are intentionally unavailable for security and isolation. This prevents extensions from accessing storage data from the host application, storing sensitive data without proper security controls, or interfering with other extensions. Storage APIs don’t exist at runtime and will throw errors if accessed. Instead, use React state for temporary data or backend APIs for persistent data.

Storage alternatives

Use the following UI extension alternatives instead of browser storage APIs: See the next section for an example of each alternative.

Examples

Temporary data

Instead of using sessionStorage for temporary form data:
Use React state:

Persistent data

Instead of using localStorage for persistent user preferences:
Use hubspot.fetch() to persist data via your backend:

Complex state management

Instead of using localStorage for app-wide state:
Use React Context with useReducer:
Last modified on March 29, 2026