Home » Developing for Drupal » Standards, security and best practices » Writing secure code

JavaScript

Last modified: February 15, 2007 - 12:20

[This section is under construction].

A few general guidelines:

  • Do not rely on JavaScript for validation; users can disable JavaScript.
  • Do not assume that data sent to AJAX postback functions is sent by your JavaScript function.
  • Do not assume that data sent to or by a JavaScript function cannot be observed by the user.
  • Beware that certain DOM functions decode HTML entities. Do not reinsert those into a page without escaping.
» Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.