Object JavaScript and security

Peter Johnson
author
Bartender

Joined: May 14, 2008
Posts: 5843
    

Do you address security in the book? For example, how to prevent cross-site scripting attacks. I need to be convinced of a web site's safeness before I tell Firefox's NoScript plugin to allow scripts to run, so knowing how to assure my customers of my site's safeness is essential for using JavaScript to build my site.


JBoss In Action
Stoyan Stefanov
author
Ranch Hand

Joined: Jul 16, 2008
Posts: 61
JavaScript can be dangerous, true. The worst mistakes are on the backend though: when you don't escape HTML properly on the backend and end up printing user input verbatim, you get XSS. If the potential hacker can trick your backend into printing unescaped user input, he can then use JavaScript to read and send himself your session cookie, and so on.

The web is an insecure place: HTML is insecure, JavaScript is insecure, and there's no sandboxing. Don't use eval for JSON data requests; in fact, never use eval. Don't include 3rd-party scripts in your pages unless you really, really trust them, since they get access to everything your own scripts have access to.


my OOJS book: http://www.thinkinginjavascript.com
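
An added example, not part of the thread or of the book, illustrating the two points in the reply above: escaping user input before the backend prints it, and parsing JSON with JSON.parse instead of eval. The function names (escapeHtml, renderComment, parseJsonResponse) and all sample inputs are constructed for illustration.

```javascript
// Added example: names and sample inputs are constructed, not from the thread.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Escape the five characters that let text break out of HTML element
// content or out of a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Backend-style rendering: every piece of user input goes through
// escapeHtml, so it is printed as text and never as markup.
function renderComment(author, body) {
  return '<div class="comment" title="' + escapeHtml(author) + '">' +
         escapeHtml(body) + '</div>';
}

// JSON.parse accepts only JSON data. Anything else (including code that
// eval would have executed) raises SyntaxError and is rejected.
function parseJsonResponse(text) {
  try {
    return { ok: true, data: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed inputs: markup in a comment body, a quote in an author
// name, one valid JSON response and one response that is code, not data.
const sampleAuthor = 'Eve" onmouseover="x()';
const sampleBody = '<script>alert(1)</script> & more';
const goodJson = '{"user":"alice","posts":3}';
const notJson = '(function () { globalThis.ran = true; })()';

console.log(renderComment(sampleAuthor, sampleBody));
console.log(parseJsonResponse(goodJson));
console.log(parseJsonResponse(notJson));
```

The escaping here covers HTML element content and quoted attribute values only; input placed inside a script block, a URL or a style needs the escaping rules of that context.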
 