Front-end security (1): Factors that cause front-end security issues

1. Problems that may cause front-end security issues

  1. Cross-Site Scripting (XSS): A code injection method. It is abbreviated XSS to distinguish it from CSS. It was common in online forums in the early days. The cause is that the website does not strictly restrict user input, which lets attackers upload a script in a post so that other users browse to a page containing the malicious script. The injection method is very simple, and includes but is not limited to JavaScript / VBScript / CSS / Flash, etc.

  2. Abuse of iframes: The content in an iframe is provided by a third party and, by default, is not under our control. It can run JavaScript, Flash plug-ins, pop-up dialog boxes, etc. inside the iframe, which may ruin the front-end user experience.

  3. Cross-Site Request Forgery (CSRF): A passive attack in which the attacker sets a trap that forces users who have already completed authentication to perform unintended updates to personal information, settings, or other state.

  4. Malicious third-party libraries: Whether for back-end server or front-end application development, most of the time we use development frameworks and various libraries for rapid development. Once malicious code is implanted in a third-party library, it can easily cause security problems. One example is the event-stream malicious code incident: on November 21st, 2018, a user named FallingSnow opened a GitHub issue about malicious code implanted in the well-known JavaScript library event-stream, indicating that event-stream contained malicious code that steals users' digital wallets.
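
The XSS cause described in item 1 (user input placed into a page without strict restriction), as an added example that is not part of the original post: the same forum post rendered by plain string concatenation and then with output escaping. The function names and the sample post are constructed for illustration.

```javascript
// Added example: constructed forum-post rendering, not code from the original page.

// Characters that let user text break out of HTML text or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; any other scheme (javascript:, data:,
// vbscript:) or an unparsable value is replaced with "#".
function safeHref(url) {
  try {
    const parsed = new URL(String(url));
    return parsed.protocol === "http:" || parsed.protocol === "https:" ? parsed.href : "#";
  } catch {
    return "#";
  }
}

// Vulnerable: user-supplied fields are concatenated straight into markup,
// so any tags in them become part of the page served to other visitors.
function renderPostUnsafe(post) {
  return `<article><h2>${post.title}</h2><p>${post.body}</p>` +
         `<a href="${post.homepage}">author</a></article>`;
}

// Hardened: every field is escaped for its output context, and the link
// scheme is checked before the URL is placed in the href attribute.
function renderPostSafe(post) {
  return `<article><h2>${escapeHtml(post.title)}</h2><p>${escapeHtml(post.body)}</p>` +
         `<a href="${escapeHtml(safeHref(post.homepage))}" rel="noopener noreferrer">author</a></article>`;
}

// Constructed sample input standing in for a submitted forum post.
const samplePost = {
  title: "Hello <b>forum</b>",
  body: '<script>alert("xss")</script>',
  homepage: "javascript:alert(1)",
};

console.log("unsafe:", renderPostUnsafe(samplePost));
console.log("safe:  ", renderPostSafe(samplePost));
```

In a browser, assigning untrusted text through `textContent` instead of `innerHTML` gives the same protection for element bodies without a hand-written escaper.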


Origin blog.csdn.net/imagine_tion/article/details/110926453