JavaScript

This section lists the rules associated with the JavaScript language and the security requirements each rule relates to.

| Method | Security Requirement |
| --- | --- |
| JAVASCRIPT_ACCEPTS_ANY_MIME_DEFAULT | 062. Define standard configurations; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| JAVASCRIPT_ACCEPTS_ANY_MIME_METHOD | 062. Define standard configurations; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| JSX_LACK_OF_VALIDATION_EVENT_LISTENER | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 342. Validate request parameters |
| JS_CLIENT_STORAGE | 177. Avoid caching and temporary files; 329. Keep client-side storage without sensitive data |
| JS_CRYPTO_CREDENTIALS | 145. Protect system cryptographic keys; 156. Source code without sensitive information; 266. Disable insecure functionalities |
| JS_DEBUGGER_ENABLED | 077. Avoid disclosing technical information; 078. Disable debugging events |
| JS_DECODE_INSECURE_JWT_TOKEN | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 357. Use stateless session tokens |
| JS_DYNAMIC_X_PATH | 173. Discard unsafe inputs |
| JS_HAS_REVERSE_TABNABBING | 173. Discard unsafe inputs; 324. Control redirects |
| JS_INSECURE_COMPRESSION_ALGORITHM | 266. Disable insecure functionalities |
| JS_INSECURE_COOKIE | 029. Cookies with security attributes |
| JS_INSECURE_CREATE_CIPHER | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_ECDH_KEY | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_EC_KEYPAIR | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_ENCRYPT | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_HASH | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_HASH_LIBRARY | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSECURE_JWT_TOKEN | 228. Authenticate using standard protocols |
| JS_INSECURE_LOGGING | 080. Prevent log modification; 173. Discard unsafe inputs |
| JS_INSECURE_RSA_KEYPAIR | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_INSEC_COOKIES | 029. Cookies with security attributes |
| JS_INSEC_MSG_AUTH_MECHANISM | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_JSON_PARSE_UNVALIDATED_DATA | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 342. Validate request parameters |
| JS_JWT_INSEC_SIGN_ALGORITHM | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_JWT_INSEC_SIGN_ALGO_ASYNC | 148. Set minimum size of asymmetric encryption; 149. Set minimum size of symmetric encryption; 150. Set minimum size for hash functions; 181. Transmit data using secure protocols; 336. Disable insecure TLS versions |
| JS_LOCAL_STORAGE_SENS_DATA_ASSIGNMENT | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 357. Use stateless session tokens |
| JS_LOCAL_STORAGE_WITH_SENSITIVE_DATA | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 357. Use stateless session tokens |
| JS_NON_SECURE_CONSTRUCTION_OF_COOKIES | 030. Avoid object reutilization |
| JS_PATH_TRAVERSAL | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 342. Validate request parameters |
| JS_REGEX_INJECTION | 072. Set maximum response time; 327. Set a rate limit |
| JS_REMOTE_COMMAND_EXECUTION | 173. Discard unsafe inputs; 265. Restrict access to critical processes; 266. Disable insecure functionalities |
| JS_SALT_IS_HARDCODED | 266. Disable insecure functionalities |
| JS_SQL_API_INJECTION | 169. Use parameterized queries; 173. Discard unsafe inputs |
| JS_SQL_INJECTION | 169. Use parameterized queries; 173. Discard unsafe inputs |
| JS_UNNECESSARY_IMPORTS | 158. Use a secure programming language |
| JS_UNSAFE_HTTP_XSS_PROTECTION | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| JS_UNSAFE_HTTP_X_FRAME_OPTIONS | 062. Define standard configurations; 175. Protect pages from clickjacking; 266. Disable insecure functionalities; 349. Include HTTP security headers |
| JS_UNSAFE_ORIGIN | 266. Disable insecure functionalities |
| JS_UNSAFE_XSS_CONTENT | 029. Cookies with security attributes; 173. Discard unsafe inputs |
| JS_USES_BYPASS_SECURITY_TRUST_URL | 173. Discard unsafe inputs |
| JS_USES_DANGEROUSLY_SET_HTML | 173. Discard unsafe inputs |
| JS_USES_EVAL | 266. Disable insecure functionalities |
| JS_USES_INNERHTML | 173. Discard unsafe inputs |
| JS_WEAK_RANDOM | 223. Uniform distribution in random numbers; 224. Use secure cryptographic mechanisms |
| JS_XML_PARSER | 173. Discard unsafe inputs |
| JS_ZIP_SLIP | 173. Discard unsafe inputs; 320. Avoid client-side control enforcement; 342. Validate request parameters |