The article discusses the potential security risks associated with service workers, particularly when connected to websites vulnerable to cross-site scripting (XSS) attacks. Service workers can manipulate IndexedDB and push subscriptions, exposing users to threats if any sites visited have insufficient input validation. Although unregistering unverified service workers can help, any vulnerabilities in the websites' code can still compromise user security, highlighting the importance of robust security measures in web applications.
Unfortunely what you are doing is not enough. According to the article in order for these attacks to succed it required that a website or webapp is supcetible to XSS attack.
Another thing to happend for IndexDB attack is this: if ( regex.test( url )) { importScripts ( url ); Where the url was read from a value in IndexDB.
Collection
[
|
...
]