Protecting your JavaScript APIs

Visit the original version of this article on Medium.

Here's an excerpt from an article I've published over at the Intrinsic blog:

When writing JavaScript libraries, developers generally consider the user of the library to be well-intentioned. Though they may add runtime checks (e.g., “the third argument is expected to be a string”) to APIs to prevent misuse, most libraries are not designed to interact with malicious code. But suppose your users were malicious. What does it take to make a JavaScript library robust against a malicious environment?

The article contains several different situations in which a malicious party is able to fool a JavaScript library into performing unintended actions. Do you have what it takes to lock down your libraries from such attacks?

Thomas Hunter II

Thomas is the author of Advanced Microservices and is a prolific public speaker with a passion for reducing complex problems into simple language and diagrams. His career includes working at Fortune 50 companies in the Midwest, co-founding a successful startup, and everything in between.