From the course: JavaScript: Security Essentials

Best practices for XSS threats

- [Instructor] Let's review the best practices for avoiding issues with cross-site scripting. First thing you should never do is pass unsafe data to your code. Like we've seen in many examples, we don't want to do that, so if you have a form that you can pass scripting to it, if you have code that returns unsafe data, please sanitize it with the escaping syntax. Also something we did mention, and you should see it in the DOM based Prevention Cheat Sheet, is the use of `element.textContent` to populate DOM with safe usage. So if you have any elements on your DOM that use unsafe data, use the `element.textContent` and you have more details of this in the DOM based prevention sheet. Also, use popular frameworks such as React and Angular. In most cases, React and Angular have escaping functions and have safe ways to make sure that the data you pass to your DOM is safe to use. So in most cases you want to use a framework when you're building websites, applications, and so on and so…
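
The escaping and `element.textContent` advice in the transcript above, as an added example that is not part of the course material. The function names (`escapeHtml`, `renderCommentUnsafe`, `renderCommentEscaped`, `renderCommentDom`) and the sample strings are assumptions constructed for illustration.

```javascript
// Added example, not course code. Names and sample inputs are hypothetical.

// Characters that change meaning in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;'
};

// Escape untrusted data before it is placed into HTML markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: untrusted values concatenated straight into markup. The browser
// parses whatever tags and attributes the data carries.
function renderCommentUnsafe(author, text) {
  return '<li title="' + author + '">' + text + '</li>';
}

// After: every untrusted value is escaped for the HTML context it lands in.
function renderCommentEscaped(author, text) {
  return '<li title="' + escapeHtml(author) + '">' + escapeHtml(text) + '</li>';
}

// DOM variant (browser): textContent and property assignment store the data
// as plain text, so no HTML parsing of the untrusted value takes place.
function renderCommentDom(list, author, text) {
  const li = list.ownerDocument.createElement('li');
  li.title = author;       // attribute value set as data, not parsed markup
  li.textContent = text;   // shown literally, tags included
  list.appendChild(li);
  return li;
}

// Constructed sample input: data that tries to break out of its context.
const sampleAuthor = 'x" onmouseover="alert(1)';
const sampleText = '<img src=x onerror=alert(1)>';

console.log(renderCommentUnsafe(sampleAuthor, sampleText));
console.log(renderCommentEscaped(sampleAuthor, sampleText));
```

This escaping covers HTML body text and quoted attribute values only; data placed inside a script block, a URL, or CSS needs the encoding for that context.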
