Broad Network


Miscellaneous Insecurities and Prevention in ECMAScript

ECMAScript Insecurities and Prevention – Part 6

ECMAScript 6

Foreword: In this part of the series, I talk about Miscellaneous Insecurities and Prevention.

By: Chrysanthus Date Published: 16 Jul 2016

Introduction

This is part 6 of my series, ECMAScript Insecurities and Prevention. The word "miscellaneous" refers to features that do not really fit into a particular category. In this part of the series, I talk about miscellaneous insecurities and their prevention. You should have read the previous parts of the series before coming here, as this is a continuation.

Regular Expression
A regular expression in ECMAScript can rather easily consume large amounts of both time and memory if it can match the same input in several ways. Careful crafting of the regular expression can help, but quite often there really is not much you can do.

The eval Function
The syntax for the eval() function is:

    eval(x)

where x is a non-string literal or a string (in quotes) consisting of one or more statements separated by semicolons.

If x includes input received at runtime, then unsafe code can be injected, because eval() executes whatever statements the string contains.
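
The contrast between passing runtime input to eval() and parsing it against a fixed grammar, as an added example that is not from the original article. The function names evalUnsafe and evalArithmetic and the 200-character limit are assumptions made for illustration.

```javascript
// Added example. evalUnsafe and evalArithmetic are hypothetical names.

// Unsafe: any statement in the string runs with the program's privileges.
function evalUnsafe(input) {
  return eval(input);
}

// Safer: accept only numbers, + - * / and parentheses, and compute the
// value without ever passing the string to eval().
function evalArithmetic(input) {
  if (typeof input !== "string" || input.length > 200) {
    throw new TypeError("expected a string of at most 200 characters");
  }
  // A character outside the grammar becomes a \S token that factor() rejects.
  const tokens = input.match(/\d+(?:\.\d+)?|[-+*\/()]|\S/g) || [];
  let pos = 0;
  const peek = () => tokens[pos];
  const next = () => tokens[pos++];
  function expr() {   // expr := term (('+' | '-') term)*
    let v = term();
    while (peek() === "+" || peek() === "-") {
      v = next() === "+" ? v + term() : v - term();
    }
    return v;
  }
  function term() {   // term := factor (('*' | '/') factor)*
    let v = factor();
    while (peek() === "*" || peek() === "/") {
      v = next() === "*" ? v * factor() : v / factor();
    }
    return v;
  }
  function factor() { // factor := number | '-' factor | '(' expr ')'
    const t = next();
    if (t === undefined) throw new SyntaxError("unexpected end of input");
    if (/^\d/.test(t)) return Number(t);
    if (t === "-") return -factor();
    if (t === "(") {
      const v = expr();
      if (next() !== ")") throw new SyntaxError("expected ')'");
      return v;
    }
    throw new SyntaxError("token not allowed: " + t);
  }
  const value = expr();
  if (pos !== tokens.length) throw new SyntaxError("unexpected token: " + peek());
  return value;
}
```

For the constructed input `2 * (3 + 4)` both functions return 14. For the constructed input `globalThis.injected = true`, evalUnsafe performs the assignment, while evalArithmetic throws a SyntaxError and changes nothing.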

File
Whether a file is an operating system file (command) or a different user’s file, do not use any file you do not trust as input to your program. Validate input from any file you do not trust.

First Preventive Measure
The first preventive measure to take for any program is not to give write permission to any user or group that you do not trust. If you do, they can rewrite your program to their advantage.

That is it for this part of the series.

Chrys
