Sometimes, cyber security incidents are caused by Java script. What type of Java script is claimed to be dangerous? (22nd Mar 2023)

Preface: Vanilla JS is faster than other frameworks. It provides better response than all other front-end frameworks. In additional, it renders UI up to 30 times faster than React JS. In Vanilla, handling UI state is simple.React is a free and open source front-end JavaScript tool library for building user interfaces based on UI components. It is maintained by Meta and a community of individual developers and companies. React can be used as the basis for developing single-page, mobile or server-side rendering applications with frameworks like Next[.]js.

Background: Since client-side JavaScript is a necessity for any business building dynamic web pages or websites that use single-page application (SPA) architecture.
About twelve years ago, the modern web frontend development has advanced a lot. In order to exploit the features of Model-View-Controller (MVC) architecture. So it need to consider the frontend as a separate entity which talks to the backend only using the REST API (most preferably, REST JSON).
Below details describe the flow of SPA (single-page application).

  • Request the HTML template/s to the browser in one single go.
  • Then, query the JSON REST API to fill a model (data object).
  • Adjust the UI according to the data in the model (JSON).
  • When users modify the UI, the model (data object) should change automatically. For example, in AngularJS, it is possible with two-way data binding. Finally, make REST API calls to notify the server about changes whenever you want.

Suggestion: Refer to picture, Example A and B has the own advantage. Perhaps developers will be overlook cyber security awareness. Make it simple use Vanilla JS. However it contains a potential risk when used. It’s because the JavaScript code is viewable on the client-side. Thus, the most significant disadvantage of a Vanilla script is client-side security.
Remark: The design objective of vanilla script is used to refer to the pure JavaScript without any type of additional library.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.