File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

What Are the Security Issues for a JavaScript Developer?

 
Kaydell Leavitt
Ranch Hand
Posts: 689
Eclipse IDE Firefox Browser Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm taking a course in JavaScript. What are the security issues with JavaScript development?
 
Tim Moores
Bartender
Pie
Posts: 2488
4
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
They're legion; start here: http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939
 
Kaydell Leavitt
Ranch Hand
Posts: 689
Eclipse IDE Firefox Browser Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tim Moores wrote:They're legion; start here: http://www.amazon.com/Ajax-Security-Billy-Hoffman/dp/0321491939


The book is about AJAX Security. Are there any other security issues with JavaScript that isn't AJAX?

Here is a website that says that security is so bad with JavaScript that JavaScript must die!
 
Elisabeth Robson
author
Ranch Hand
Posts: 173
6
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Three that pop to mind (aside from Ajax) to think about:

1) Linking to script libraries on other sites: make sure you trust the script you're using!
2) Using JSONP to load scripts into your page; just like (1), make sure you trust the web service you're using.
3) Using eval without checking what you're eval-ing.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic