Enhancing JavaScript Security with Built-In Features and Best Practices
Approaches to leveraging JavaScript's built-in security features and adopting best practices to prevent vulnerabilities like XSS and CSRF.
Rule Content
{
"title": "Enhancing JavaScript Security with Built-In Features and Best Practices",
"description": "Approaches to leveraging JavaScript's built-in security features and adopting best practices to prevent vulnerabilities like XSS and CSRF.",
"category": "JavaScript Cursor Rules",
"rules": [
{
"id": "no-eval",
"description": "Disallow the use of 'eval()' and similar dynamic code-execution functions such as 'new Function()' to prevent code injection vulnerabilities.",
"severity": "error",
"pattern": "eval\\(.*\\)|new Function\\(.*\\)"
},
{
"id": "strict-mode",
"description": "Enforce the use of JavaScript's strict mode to catch common coding errors and prevent unsafe actions.",
"severity": "error",
"pattern": "(?<!['\"\\w])use strict(?=['\";])"
},
{
"id": "csp-header",
"description": "Ensure that Content Security Policy (CSP) headers are implemented to mitigate XSS attacks.",
"severity": "warning",
"pattern": "Content-Security-Policy"
},
{
"id": "csrf-protection",
"description": "Verify that anti-CSRF tokens are used in forms to prevent CSRF attacks.",
"severity": "warning",
"pattern": "csrf_token|X-CSRF-Token"
},
{
"id": "secure-cookies",
"description": "Ensure cookies are set with the 'Secure' and 'HttpOnly' attributes to protect against session hijacking.",
"severity": "warning",
"pattern": "Set-Cookie:.*; Secure; HttpOnly"
},
{
"id": "input-validation",
"description": "Validate and sanitize all user inputs to prevent injection attacks.",
"severity": "error",
"pattern": "sanitize|validate"
},
{
"id": "dependency-audit",
"description": "Regularly audit and update third-party libraries to address known vulnerabilities.",
"severity": "warning",
"pattern": "npm audit|snyk test"
},
{
"id": "https-enforcement",
"description": "Enforce HTTPS to secure data in transit and prevent man-in-the-middle attacks.",
"severity": "error",
"pattern": "Strict-Transport-Security"
},
{
"id": "no-inline-js",
"description": "Avoid inline JavaScript to reduce the risk of XSS attacks.",
"severity": "warning",
"pattern": "<script>.*</script>"
},
{
"id": "secure-headers",
"description": "Implement security headers like X-Content-Type-Options and X-Frame-Options to protect against common attacks.",
"severity": "warning",
"pattern": "X-Content-Type-Options|X-Frame-Options"
}
]
}