JS

JS¶

https://github.com/wisec/domxsswiki/wiki

https://github.com/i0natan/nodebestpractices#6-security-best-practices

Check for trustAsHtml for XSS Source

Check for dangerouslySetInnerHTML for XSS. Source

docker pull opensecurity/njsscan
docker run -v /path-to-source-dir:/src opensecurity/njsscan /src

https://semgrep.dev/r?q=gitlab.eslint.detect-object-injection

var parameters = {"page":"length"};

var data = ["1","2","3","4","5"]

//data.length
console.log(data[parameters["page"]]);

https://cheatcode.co/tutorials/how-to-implement-secure-httponly-cookies-in-node-js-with-express