JavaScript is both one of the easiest and one of the most difficult parts of a GUI developer's coding life. Once mastered it is a very handy tool, but if you don't understand it well, or are trying your hand at it for the first time, it can give you real nightmares.
Let's discuss a security weakness that is very commonly targeted in JavaScript. Sites dealing in financial information, secure client data, etc. should be extra careful when using JavaScript. The simplest mistake most developers make is to write the script methods directly in the JSP / HTML / Servlet files (the same applies to ASP client-side scripting).
Coding this way lets users see your code and, along with it, unwanted information and the security holes in that code. If an application uses JavaScript intensively, it is almost certain that most of its GUI bugs will be in that JavaScript. And if your site has reasonably good visibility, hackers will be prowling around its web pages for any information or data. So it is always best to separate your JavaScript into a .js file and reference it from the page. This also keeps your main web page clean.
A simple way to import a JavaScript file in a JSP is:
<script type="text/javascript" src="/src/lib/test.js"></script>
Many developers use a JSP include of other JSP files (which at times contain solely JavaScript). Even this practice is not advisable: it may keep your source clean, but the included file's contents are still rendered inline into the HTML sent to the browser, so it will still expose your code.