JavaScript Security Best Practices
Learn about preventing XSS and CSRF and about handling sensitive data in JS/TS.
1. Which of the following is a primary method to prevent Cross-Site Scripting (XSS) attacks in JavaScript?
Using innerHTML directly with user input
Sanitizing user input before rendering
Disabling CORS for all requests
Using eval() with untrusted data
2. Which of the following are secure practices for handling user authentication in JavaScript? (Select all that apply)
Storing passwords in plain text in localStorage
Using HTTP-only cookies for session tokens
Implementing CSRF tokens in forms
Exposing API keys in client-side JavaScript files
Hashing passwords with bcrypt before storage
3. The 'SameSite' cookie attribute helps mitigate Cross-Site Request Forgery (CSRF) attacks.
True
False
4. What does CSP stand for in the context of web security?
5. What is the primary risk of using 'eval()' in JavaScript with untrusted input?
Improved code performance
Code injection vulnerabilities
Enhanced readability
Faster DOM manipulation
6. Which JavaScript functions are considered unsafe due to potential code injection risks? (Select all that apply)
eval()
JSON.parse()
Function() constructor
setTimeout('maliciousCode')
console.log()
7. Storing sensitive information like API keys in localStorage is secure because localStorage is only accessible client-side.
True
False
8. What HTTP response header specifies which origins are allowed to access a resource, as part of CORS?
9. Which CSP directive restricts the sources from which JavaScript scripts can be loaded?
default-src
script-src
style-src
img-src
10. How can DOM-based XSS attacks be mitigated? (Select all that apply)
Using textContent instead of innerHTML
Sanitizing HTML with libraries like DOMPurify
Enabling CSP with 'script-src self'
Using eval() to parse user input
Disabling client-side JavaScript
11. Enabling 'use strict' in JavaScript helps prevent security vulnerabilities by catching unsafe coding practices.
True
False
12. What term describes an attack where malicious scripts are injected into web pages viewed by other users?
13. Which npm command identifies security vulnerabilities in installed dependencies?
npm install
npm audit
npm update
npm init
14. Which are secure practices for form submissions in client-side JavaScript? (Select all that apply)
Validating input only on the client-side
Using HTTPS for all submissions
Including CSRF tokens in requests
Disabling HTML5 validation attributes
Re-validating input on the server-side
15. DOM-based XSS occurs when untrusted data is reflected in the DOM without sanitization, processed by client-side JS.
True
False
16. What cookie attribute prevents access to the cookie via client-side JavaScript?
17. What is the purpose of Subresource Integrity (SRI) in JavaScript?
To encrypt data in transit
To ensure third-party resources haven't been tampered with
To enable CORS for external scripts
To minify JavaScript files
18. Which should never be exposed in client-side JavaScript? (Select all that apply)
User passwords
Public API endpoints
Database connection strings
HTTP-only session cookies
Server-side API keys
19. Using 'SameSite=Strict' for cookies allows the cookie to be sent in cross-site requests, enhancing usability.
True
False
20. What security practice involves regularly scanning and updating third-party libraries to fix vulnerabilities?