What Javascript security techniques and issues should be part of a programmer's skill set for solid web development?

Question

What Javascript security techniques, issues, and limitations should be part of a programmer's skill set for solid web development?

Answer 1

Quick Google:

Cross Site Scripting

JavaScript Security

Basically JavaScript is fairly secure, running in a sand boxed environment, but there are vulnerabilities that need to be avoided.

Answer 2

I think one of the biggest things you can do besides reading about web security as much as possible is understand how the whole thing works. Understanding how the browser sends GETs and POSTs will clue you in quickly on how a hacker can easily bypass naive security measures.

Having a good grasp of Javascript itself seems like a no-brainer, but JS frameworks allow people to copy and paste their way to a great user experience. Learn some basic programming with javascript.

Realize that your code is not written in stone, any user can change your code or data. Even more your source code is always viewable. Never trust what the browser sends your server. Javascript form validation is for the user's benefit only and not for actual validation. You must validate on the server side.

Answer 3

Basically you can't secure JavaScript. It's just not possible.. Always do server-side validation, basically :)