Integrity Checks
<script src="https://code.jquery.com/jquery-3.2.1.slim.min.js"
integrity="sha384-KJ3o2DKtIkvYIK3UENzmM7KCkRr/rE9/Qpg6aAZGJwFDMVNA/GpGFF93hXpG5KkN"
crossorigin="anonymous"></script>
Linters perform static analysis on your codebase. They help establish code quality and avoid common pitfalls, and since quality goes hand in hand with security, linting also reduces security risk.
Attackers will most often start by trying to understand your code in order to find a way through it. Readable source code on a server therefore makes that job easier; minifying what you ship raises the effort for a reader, but treat it as a speed bump, not a security control.
What is cross-site scripting? It is a website attack method that uses injection to implant malicious scripts into websites that would otherwise be benign and trusted. Generally, the process consists of delivering a malicious browser-side script to another user.
Cross-site scripting can be exploited when a web application uses data supplied by the browser to build its responses to user requests. A very simple example is a web application that uses a parameter in the URL to provide a customized response to the user.
Let's say example.com/profile accepts a user parameter carrying the visitor's name. The URL for the request would look like https://example.com/profile?user=Tammy, and the web application responds with "Hi Tammy" at the top of the page based on this input.
Protect your code from cross-site scripting attacks.
Any input you accept from the browser should be validated to ensure it contains only the characters you expect.
So if you have a phone number input field, make sure that you accept only digits and perhaps dashes or parentheses as input.