What are common front-end security issues?

security

What are the front-end security issues?

• XSS cross-site request attack
• XSRF cross-site request forgery
• Above these two problems, the front end is only auxiliary, mainly or rely on the back end

XSS principle

• In a blog, you can write articles and sneak in a paragraph<script>The code.
• Post a blog, someone reads it
• When the blog is opened, the inserted JS attack code is executed
• In the attack code, a cookie(which may contain sensitive information) is obtained and sent to the attacker’s server, and the attacker obtains information about the blog’s readers.

XSS prevention

• Front-end replace keywords such as < with <
• However, front-end replacement affects performance, and usually back-end replacement

XSRF principle

• You’ve logged on to a shopping website and are browsing
• The paid interface is xxx.com/pay?id=100, but there is no verification
• And then you get an email, hidden< img SRC = "is xxx.com/pay?id=100" >
• You’ve secretly paid for it while checking your email

XSRF prevention

• Add authentication process, such as fingerprint, password, SMS verification code
• In practice, the front end works with the back end to do these validations

What are the general security issues?

XSS: Cross-site scripting attacks

Before the user can enter