JavaScript is an interpreted programming language, not a compiled one: the browser reads and interprets it directly as source code when it loads the page.

Security should always be taken into account when writing code, and one of the main issues to consider is Cross-Site Scripting (XSS). In PHP, escape functions are often used to avoid XSS, and the logical thing would seem to be to use the same technique in JavaScript to escape the HTML. However, this is not the technique we should use in JavaScript, because what we really need is to avoid injecting content directly into the code.

The best thing to do is to create DOM elements programmatically and insert them into the DOM. This means that the use of .html(), .innerHTML, and other related functions should be avoided.
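The approach described above, as an added example that is not code from the original article: a comment is rendered by creating elements and assigning untrusted values through textContent, so markup in the data stays inert text. It goes one step beyond the paragraph by also checking the link's URL scheme, since building the DOM programmatically does not by itself make an href safe. The names renderComment and safeHttpUrl, the comment fields and the sample data are assumptions made for illustration.

```javascript
// Added example: function names and sample data are hypothetical.

// Return the URL only if it parses and uses http or https; otherwise null.
function safeHttpUrl(raw) {
  try {
    const u = new URL(raw);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (e) {
    return null; // not an absolute URL
  }
}

// Build a comment node without ever parsing untrusted text as HTML.
// `doc` is the page's `document`, passed in so the function can be tested.
function renderComment(doc, comment) {
  const card = doc.createElement('div');
  card.className = 'comment';

  const author = doc.createElement('strong');
  author.textContent = comment.author; // stored as text, tags are not parsed

  const body = doc.createElement('p');
  body.textContent = comment.body;

  card.appendChild(author);
  card.appendChild(body);

  // Only attach a link when the scheme is on the allow-list.
  const href = safeHttpUrl(comment.website);
  if (href !== null) {
    const link = doc.createElement('a');
    link.setAttribute('href', href);
    link.setAttribute('rel', 'noopener noreferrer nofollow');
    link.textContent = 'website';
    card.appendChild(link);
  }
  return card;
}

// Constructed sample of untrusted input (not taken from the article).
const sampleComment = {
  author: 'Ana <b>admin</b>',
  body: '<img src=x onerror=alert(1)>',
  website: 'javascript:alert(1)',
};

// In a browser:
// document.querySelector('#comments').appendChild(renderComment(document, sampleComment));
```

With the sample above, the author and body appear on the page as literal text, and no link is rendered because the website value does not use http or https.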

What JavaScript can do

JavaScript is actually a key and fundamental piece in a multitude of “hacking” techniques. It has a place in phishing techniques (identity theft), in advanced attack techniques such as Cross-Site Scripting (XSS) (session theft), and in a multitude of other techniques that we will describe when we have the foundations to understand how they work and how they are used.

As you may have noticed, any program that interacts directly with the user is a threat to them. When you are able to give orders to someone’s PC without being “authorized”, you are gaining control over their machine. JavaScript does exactly this: it commands the user’s browser. Normally this is done to improve the user’s experience when browsing a website, but, as we all know happens with these technologies, it has also been used by undesirable people to cause damage on the victim’s computer.

Over the years, browsers have evolved and gained in security. Thanks to the efforts of people dedicated to security, they manage to block scripts written in JavaScript that try to violate the security of the computer. In parallel, plugins have also been developed for browsers that prevent any JavaScript code from being executed on the computer.

