JS

XSS sources/sinks

DOMXSS Wiki

Node

Node Security Best Practices

Angular

Check for trustAsHtml for XSS. Source

React

Check for dangerouslySetInnerHTML for XSS. Source

njsscan

docker pull opensecurity/njsscan
docker run -v /path-to-source-dir:/src opensecurity/njsscan /src

Object Injection

Semgrep Object Injection Rule

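// "page" stands in for a user-controlled value
var parameters = {"page":"length"};

var data = ["1","2","3","4","5"];

// The key selects a property rather than an element: this reads data.length
console.log(data[parameters["page"]]); // 5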
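
The same lookup next to two hardened forms, as an added example that is not part of the original page: one accessor for arrays that accepts only in-range integer indexes, and one for keyed records that returns own properties only. The helper names (unsafeGet, safeIndex, safeLookup) and the sample values are assumptions made for illustration.

```javascript
// Added example, not from the original page. unsafeGet, safeIndex and
// safeLookup are hypothetical helper names; the sample data is constructed.
const data = ["1", "2", "3", "4", "5"];
const pages = { home: "index.html", about: "about.html" };

// Unsafe: a caller-supplied key is resolved against the collection and its
// whole prototype chain, so "length" or "constructor" return real values.
function unsafeGet(collection, key) {
  return collection[key];
}

// Arrays: accept only a canonical non-negative integer that is in range.
function safeIndex(array, key) {
  if (typeof key !== "string" && typeof key !== "number") return undefined;
  const text = String(key);
  if (!/^(0|[1-9]\d*)$/.test(text)) return undefined; // rejects "length", "-1", "1.5", "01"
  const index = Number(text);
  return index < array.length ? array[index] : undefined;
}

// Keyed records: return a value only when the key is an own property,
// which excludes inherited names such as "constructor" and "__proto__".
function safeLookup(record, key) {
  if (typeof key !== "string") return undefined;
  return Object.prototype.hasOwnProperty.call(record, key)
    ? record[key]
    : undefined;
}

// Runs each accessor over the same constructed keys for comparison.
function demo() {
  return {
    unsafeLength: unsafeGet(data, "length"),
    unsafeCtor: typeof unsafeGet(pages, "constructor"),
    safeLength: safeIndex(data, "length"),
    safeSecond: safeIndex(data, "1"),
    safeCtor: safeLookup(pages, "constructor"),
    safeProto: safeLookup(pages, "__proto__"),
    safeAbout: safeLookup(pages, "about"),
  };
}

console.log(demo());
```

For keyed records, a Map or an object created with Object.create(null) removes the inherited properties altogether.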

Express

Cookies

How to Implement Secure, HTTPOnly Cookies in Node.js with Express