JavaScript security basics: XSS, CSRF, safe DOM updates, and avoiding eval
Client-side JavaScript can create security issues when it injects unsafe content, trusts the wrong source, or executes arbitrary code.
- Unsafe HTML updates can cause XSS
- CSRF abuses trusted browser state
- `eval` is dangerous and usually unnecessary
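The first and third points above, as an added example that is not part of the original page: an unsafe HTML update beside two safer forms, and an `eval`-free way to act on untrusted input. All function names, the `OPERATIONS` table and the sample input are constructed for illustration.

```javascript
// Added example. Names and sample input are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe: untrusted text is interpolated into markup, so it is parsed as HTML.
function renderCommentUnsafe(body) {
  return `<li>${body}</li>`;
}

// Safer when a string of HTML is unavoidable: escape before interpolating.
function renderCommentSafe(body) {
  return `<li>${escapeHtml(body)}</li>`;
}

// Preferred in the browser: build the node and assign textContent, which
// never invokes the HTML parser. `doc` is the page's document object.
function appendComment(doc, list, body) {
  const li = doc.createElement('li');
  li.textContent = body;
  list.appendChild(li);
  return li;
}

// Instead of eval(): parse data with JSON.parse and dispatch operations
// through a fixed allow-list, so input can only select code, not supply it.
const OPERATIONS = Object.freeze({
  add: (a, b) => a + b,
  mul: (a, b) => a * b,
});

function runRequest(jsonText) {
  const { op, args } = JSON.parse(jsonText); // throws on anything that is not JSON
  if (!Object.prototype.hasOwnProperty.call(OPERATIONS, op)) {
    throw new Error(`operation not allowed: ${String(op)}`);
  }
  if (!Array.isArray(args) || args.length !== 2 || !args.every(Number.isFinite)) {
    throw new Error('args must be two finite numbers');
  }
  return OPERATIONS[op](...args);
}

const untrusted = '<img src=x onerror="alert(1)">'; // constructed sample input
console.log(renderCommentUnsafe(untrusted)); // markup survives intact
console.log(renderCommentSafe(untrusted));   // rendered as inert text
console.log(runRequest('{"op":"add","args":[2,3]}'));
```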