
As someone who does application security assessments for a living, the biggest problem with jQuery is the lingering, outdated, vulnerable versions that are pervasive (1.x and 2.x in particular) in so many applications. I don't care if you decide to use jQuery or not, just have a plan to maintain it and be able to update it without breaking everything, should the need arise.

/preaching
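A maintenance plan like the one the comment above asks for starts with knowing which jQuery versions an application actually ships. The following is an added example, not part of the original thread: it inventories jQuery versions from versioned file names and from the version banner in the library source, and flags 1.x and 2.x as the comment does. The function name, the threshold constant and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: inventory jQuery versions referenced in a page or bundle.

// Policy threshold (assumption): flag majors below 3, i.e. the 1.x and 2.x
// lines singled out in the comment above.
const MIN_ACCEPTED_MAJOR = 3;

// Versioned file names, e.g. jquery-1.12.4.min.js or jquery-3.7.1.slim.min.js.
// Does not match jquery-ui-*.js, which is a different library.
const FILE_RE = /jquery[-.](\d+)\.(\d+)(?:\.(\d+))?(?:\.min|\.slim)*\.js/gi;
// Version banner in the library source, e.g. "jQuery v2.2.4" or
// "jQuery JavaScript Library v1.12.4".
const BANNER_RE = /jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?/gi;

function findJqueryVersions(text) {
  const found = new Map(); // de-duplicate by version string
  for (const re of [FILE_RE, BANNER_RE]) {
    for (const m of text.matchAll(re)) {
      const parts = m.slice(1, 4).filter((p) => p !== undefined).map(Number);
      const version = parts.join(".");
      found.set(version, { version, parts, outdated: parts[0] < MIN_ACCEPTED_MAJOR });
    }
  }
  // Sort numerically so 1.9.x comes before 1.12.x.
  const byVersion = (a, b) => {
    for (let i = 0; i < 3; i++) {
      const d = (a.parts[i] ?? 0) - (b.parts[i] ?? 0);
      if (d !== 0) return d;
    }
    return 0;
  };
  return [...found.values()]
    .sort(byVersion)
    .map(({ version, outdated }) => ({ version, outdated }));
}

// Constructed sample markup, not taken from any real site.
const SAMPLE_PAGE = `
<script src="/static/js/jquery-1.12.4.min.js"></script>
<script src="/vendor/jquery-ui-1.12.1.min.js"></script>
<script src="/assets/jquery-3.7.1.slim.min.js"></script>
<script>/*! jQuery v2.2.4 | (c) jQuery Foundation | jquery.org/license */</script>
`;

console.log(findJqueryVersions(SAMPLE_PAGE));
```

Run over build output or saved page source, this also catches copies bundled by third-party plugins, which are often the ones nobody remembers to update.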



I'm curious - what are the types of vulnerabilities that lie in the client-side jQuery?


If you allow unchecked data to be stored & retrieved there are some XSS vulns in older versions. Ideally this would be prevented in a sane environment.


Is this a problem that's worse with jQuery than with other libraries such as vue.js, angular, react? (genuine question, not a comeback)


Just curious what vulns specifically you're referring to?




