Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Security in the World of JS Frameworks

JSConf via YouTube

Overview

Explore the security challenges and vulnerabilities in modern JavaScript frameworks in this JSConf EU 2015 talk by Artur Janc. Gain insights into common pitfalls affecting code written using popular frameworks like Angular, Polymer, and Dart. Learn about real-world examples of bugs in Google apps from a security engineer's perspective. Understand why security reviews of framework-based applications can be more challenging than traditional JavaScript code. Discover the importance of framework design in addressing security concerns. Topics covered include traditional XSS in JS code, mixing Angular with server-side templates, modifying the Angular DOM, dangerous jQuery-like functions, and opting into risky modes. Enhance your understanding of web application security in the context of modern JavaScript development.

Syllabus

Intro
Client security
Traditional XSS in JS code: execution sinks
The times have changed
Lightning-fast Introduction to Angular
Mixing Angular and server-side templates
Modifying the Angular DOM
Forcing evil ng-includes
$http.jsonp() on evil URL
XSS #5.2: Scary jQlite functions: html() & friends
Angular "special" functions
Opting into dangerous modes

Taught by

JSConf

Reviews

Start your review of Security in the World of JS Frameworks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.