From the course: JavaScript: Security Essentials
Best practices for XSS threats
- [Instructor] Let's review the best practices for avoiding issues with cross-site scripting. First thing you should never do is pass unsafe data to your code, like we've seen in many examples. We don't want to do that. So if you have a form that you can pass scripting to it, if you have code that returns unsafe data, please sanitize it with the escaping syntax or similar tools. Also, something we didn't mention, and you should see it in the DOM-based prevention cheat sheet, is the use of element.textContent to populate the DOM with safe usage. So if you have any elements on your DOM that use unsafe data, use the element text content, and you have more details of this in the DOM-based prevention sheet. Also, use popular frameworks such as React and Angular. In most cases, React and Angular have escaping functions and have safe ways to make sure that the data you pass to your DOM is safe to use. So in most cases, you want to use a framework when you're building websites, applications…
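An added example (not from the course or its exercise files) of the two techniques named in the transcript: escaping untrusted data before it is placed in markup, and using `element.textContent` when only text is needed. The helper names `escapeHtml`, `safeHtml` and `renderComment` and the sample inputs are assumptions constructed for illustration; `renderComment` expects a browser DOM element.

```javascript
// Characters that can change meaning in HTML text or in a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape untrusted data for HTML text and quoted-attribute contexts only.
// It is NOT sufficient inside <script>, inline event handlers, CSS or URLs.
function escapeHtml(value) {
  const text = value == null ? "" : String(value);
  return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are markup written by the developer,
// every interpolated value is treated as untrusted and escaped.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Preferred when the value is only ever text: textContent is never parsed
// as markup, so no escaping step can be forgotten.
function renderComment(element, untrusted) {
  element.textContent = untrusted == null ? "" : String(untrusted);
  return element;
}

// Constructed sample inputs: a harmless script tag and an attribute breakout.
function demo() {
  const comment = "<script>alert(1)</script>";
  const displayName = '"><b>x';
  return {
    text: safeHtml`<p>${comment}</p>`,
    attribute: safeHtml`<input value="${displayName}">`,
  };
}

console.log(demo());
```

In a page, `renderComment(document.querySelector("#comment"), userInput)` shows the input as literal text, while `safeHtml` is for the cases where surrounding markup has to be built as a string.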