JS

XSS sources/sinks

DOM XSS Wiki

Node

Node Security Best Practices

Angular

Check for trustAsHtml for XSS. Source

React

Check for dangerouslySetInnerHTML for XSS. Source

njsscan

docker pull opensecurity/njsscan
docker run -v /path-to-source-dir:/src opensecurity/njsscan /src

Object Injection

Semgrep Object Injection Rule

var parameters = {"page":"length"};
var data = ["1","2","3","4","5"];
// data.length
console.log(data[parameters["page"]]);
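The snippet above reaches data.length because the request-controlled key is used directly in bracket notation. The following is an added example, not code from the original page; it puts that pattern beside two hardened lookups. The helper names (unsafeLookup, safeIndex, safeGet) and the settings object are hypothetical and the inputs are constructed.

```javascript
// Constructed data, mirroring the snippet above.
const data = ['1', '2', '3', '4', '5'];
const parameters = { page: 'length' }; // request-controlled in a real app
const settings = { theme: 'dark' };    // hypothetical lookup table

// Vulnerable pattern: the key is used as-is, so any own or inherited
// property ("length", "constructor", "__proto__") is reachable.
function unsafeLookup(collection, key) {
  return collection[key];
}

// Hardened array access: accept only a canonical non-negative integer
// string that falls inside the array bounds. An own-property check is not
// enough here because "length" is an own property of every array.
function safeIndex(arr, key) {
  if (typeof key !== 'string' || !/^(0|[1-9]\d*)$/.test(key)) return undefined;
  const i = Number(key);
  return i < arr.length ? arr[i] : undefined;
}

// Hardened object access: only own properties are returned, so inherited
// names such as "constructor" or "__proto__" never resolve.
function safeGet(obj, key) {
  if (typeof key !== 'string') return undefined;
  return Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : undefined;
}

console.log(unsafeLookup(data, parameters.page));          // 5
console.log(safeIndex(data, parameters.page));             // undefined
console.log(safeIndex(data, '2'));                         // 3
console.log(typeof unsafeLookup(settings, 'constructor')); // function
console.log(safeGet(settings, 'constructor'));             // undefined
console.log(safeGet(settings, 'theme'));                   // dark
```

For key/value data keyed by user input, a Map or an object created with Object.create(null) removes the inherited properties altogether.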

Express

Cookies

How to Implement Secure, HTTPOnly Cookies in Node.js with Express