Chapter 4. Security

10.1. The security mindset

10.2. Keeping your code as bug-free as possible

10.2.1. Enforcing good JavaScript with JSHint

10.2.2. Halting after errors happen in callbacks

10.2.3. Perilous parsing of query strings

10.3. Protecting your users

10.3.1. Using HTTPS

10.3.2. Preventing cross-site scripting attacks

10.3.3. Cross-site request forgery (CSRF) prevention

10.4. Keeping your dependencies safe

10.4.1. Auditing the code

10.4.2. Keeping your dependencies up to date

10.4.3. Check against the Node Security Project

10.5. Handling server crashes

10.6. Various little tricks

10.6.1. No Express here

10.6.2. Preventing clickjacking

10.6.3. Keeping Adobe products out of your site

10.6.4. Don’t let browsers infer the file type

10.7. Summary

What’s inside

@font-face { font-family: 'livebook'; src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0'); src:url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.eot?1.9.0') format('embedded-opentype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.woff?1.9.0') format('woff'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.ttf?1.9.0') format('truetype'), url('https://d19npu3b8zepp3.cloudfront.net/assets/fonts/livebook.svg?1.9.0') format('svg'); font-weight: normal; font-style: normal; }