Security news aggregator

Latest coverage for JavaScript

JavaScript is a scripting language used in web pages and applications, where flaws in code or dependencies can enable attacks and data theft.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

JavaScript is a programming language used to add behavior to web pages and to build applications that run outside the browser, including server-side services and tooling. In browsers, scripts can read and modify a page’s content and interact with available web APIs, subject to the browser’s security boundaries.

Its main security risks include cross-site scripting (XSS), in which attacker-controlled input is executed as page code, and DOM-based flaws caused by unsafe handling of data in client-side code. Third-party scripts and package dependencies also expand the code supply chain and may expose user data or introduce vulnerable behavior. Practical controls include context-aware output encoding, avoiding unsafe DOM sinks, restrictive Content-Security-Policy rules, and reviewing, pinning, and monitoring dependencies for vulnerabilities.

Showing 1 most recent headlines Filtered view
The Register 3 years, 8 months ago

Oh, look: More malware in the Google Play store

Also, US media hit with JavaScript supply chain attack, while half of govt employees use out-of-date mobile OSes in brief A quartet of malware-laden Android apps from a single developer have been caught with malicious code more than once, yet the infected apps remain on Google Play and have collectively been downloaded more than one million times. …