Problem solve Get help with specific problems with your technologies, process and projects.

Security holes in JavaScript

Could you point out several security holes in JavaScript?

Sure. There have been enough of them over the years. Go to Bugtraq and search for "javascript." I just did it and came up with 459 items. That's more than several.

What is your real question?

Something to remember about security holes is that once they're fixed, they're no longer a problem, and *all* large systems have security holes in them. It takes time for fixes to propagate, because users have to upgrade or update to get the fixes. But once the bug is fixed, it's fixed.

Are you looking for ammunition for not using JavaScript in a Web application? If so, what are your alternatives? I can suggest a couple things. I'm old-fashioned and real fond of straight old HTML with text and pictures and no frames, myself, but I've seen some very pretty sites that use Flash, I must admit.

Are you looking for justification for having JavaScript turned off in your browser? I usually run with JavaScript turned off. Security problems aren't really the issue -- it's those damned pop-up windows. I hate them, and turning off JavaScript makes them go away.

Typically, my browser has JavaScript off, and if I come across some site that really needs it that I actually want to use, (often, my answer to a site saying it needs JavaScript is to just go do something else) then I turn it on. Usually I forget to turn it off until the next pop-up window comes up, angering me again.

This was last published in August 2001

Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.