RipOrbofWinter / DiabetesApp


Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) #3

Open RipOrbofWinter opened 4 years ago

RipOrbofWinter commented 4 years ago

Issue:

Using JS has many security downsides; attempt to close these concerns. While JavaScript is extremely popular and useful for enhancing web applications, it is important to recognize that, like any other language, JavaScript applications also come with their share of vulnerabilities. Over the years, JavaScript has been responsible for several security vulnerabilities. The most common JavaScript vulnerabilities are Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).

It is extremely important to integrate secure coding practices into your software development lifecycle irrespective of what coding language you use. With the right vulnerability assessment measures in place, organizations can be sure that their developers are creating secure code, finding vulnerabilities as code is being written, and fixing any detected vulnerabilities as soon as they are found.

To do:

Research and close these security vulnerabilities.

RipOrbofWinter commented 4 years ago

From the gun doc:

Isn't it dangerous for passwords and keys to be in JS?

Yes, if you aren't careful, your user's password (or worse, their private keys) could be stolen by XSS or other attacks. So be warned, and encourage users to use MetaMask with the SEA plugins! This will keep passwords and keys in the browser, not in the app.