Miscellaneous Insecurities and Prevention in ECMAScript
ECMAScript Insecurities and Prevention – Part 6
Foreword: In this part of the series, I talk about Miscellaneous Insecurities and Prevention.
By: Chrysanthus Date Published: 16 Jul 2016
An ECMAScript regular expression can rather easily consume large amounts of both time and memory if it can match the input in several ways. Careful crafting of the regular expression can help, but quite often there really is not much you can do.
The eval Function
The syntax for the eval() function is:
where x is a non-string literal or a string (in quotes) consisting of one or more statements separated by semicolons.
If x includes input received at runtime, then unsafe code can be injected.
Whether a file is an operating system file (command) or a different user’s file, do not use any file you do not trust as input to your program. Validate input from any file you do not trust.
First Preventive Measure
The first preventive measure to take for any program is not to give write permission to any user or group that you do not trust. If you do, they can rewrite your program to their advantage.
That is it for this part of the series.