by will4274
3136 days ago
> No Front-End JS Library should actually make your backend vulnerable. FUD. Most SPAs keep the authentication token accessible to JavaScript so it can be sent to the API server. And XSS in the FE JS can permit an attacker to steal the user's authentication token and then the attacker could impersonate the user and take any action as the user.