+ 9
[CONFUSED] If client-side scripting language like JavaScript is not secure, then why do people keep on recommending them?
I'm really confused right now because several people says that JavaScript is not secure BUT why do people keep on recommending native JavaScript rather than its frameworks and libraries like Angular5, React and Vue and also there's a server-side scripting languages like PHP, Laravel, etc which is more secure than client-side.
10 Antworten
+ 20
JavaScript is a client side scripting language. In most circumstance, a user can easily access and edit your page JS content. In the case where you slip up and use JS to handle stuff within security context, injections can be done and that's where it's "insecure".
In fact, JS is not insecure. There are only JS codes written in such a way that compromises the security of a site. There will be practitioners who blame the language directly, instead of figuring out what went wrong and the correct method to actually handle and process sensitive information.
It's not fair to compare JS to PHP and other server side languages, as they serve completely different purposes.
+ 12
Good question. Thanks for the information 🤗
+ 10
JavaScript is the most secure script in fact, otherwise nobody would want to use browsers to load any webpages nowadays, nearly all webpages contain JavaScript codes.
+ 8
Sleepy Koala
Don't be confused. All JavaScript frameworks are basically JavaScript codes including React, Vue, Angular, jQuery...
+ 4
Calviղ Can you explain which is more secure if native JavaScript is compared with React or Vue?
+ 4
the Frameworks are just for making javascript easier, javascript is the main language.
anything you can do with frameworks, you can surely do it with pure javascript
+ 3
Thanks to all for your informative answers guys! Love this community! I learned much everyday!
+ 1
Because we need Javascript, it's essential for a good user experience. If somebody want to change the code from his client side, the page can be not working anymore but the user did it. BUT, cause everybody can see your javascript code, you have to keep your ids for database for example, in the server side.
0
One reason people may think that Javascript is not secure, is because of many virus had been made with it. Reason why some mail services don't allow you to send -.js- files.