The javascript code executed in the character sheet is highly sandboxed. It should not be possible to access the DOM, cookies or other APIs. If you found a way to exit the scope and access external elements, please report the security breach to us, at We will gladly send you a financial reward.