Securev Code Review in JavaScript and AJAXΒΆ
Ajax and JavaScript have brought functionality back to the client side, which has brought a number of old security issues back to the forefront. The following keywords relate to API calls used to manipulate user state or the control the browser. The advent of AJAX and other Web 2.0 paradigms has pushed security concerns back to the client side, but not excluding traditional server side security concerns. Look for Ajax usage, and possible JavaScript issues.
| STRING TO SEARCH | |||
|---|---|---|---|
| eval | document.cookie | document.referrer | document.attachEvent |
| document.body | document.body.innerHtml | document.body.innerText | document.close |
| document.create | document.execCommand | document.forms[0].action | document.location |
| document.open | document.URL | document.URLUnencoded | document.write |
| document.writeln | location.hash | location.href | location.search |
| window.alert | window.attachEvent | window.createRequest | window.execScript |
| window.location | window.open | window.navigate | window.setInterval |
| window.setTimeout | XMLHTTP |