TypeScript Secure Coding
Secure coding practices for TypeScript applications.
XSS Prevention
// ✗ Vulnerable: innerHTML parses the string as HTML, so a message such as
// <img src=x onerror="..."> executes in the page
function displayMessage(message: string) {
  document.getElementById('output')!.innerHTML = message;
}

// ✓ Secure: textContent inserts the string as text, never as markup
function displayMessage(message: string) {
  const element = document.getElementById('output')!;
  element.textContent = message;
}

// ✓ With sanitization: only when the message is allowed to contain HTML.
// DOMPurify strips scripts, event-handler attributes and javascript: URLs.
import DOMPurify from 'dompurify';
function displayMessage(message: string) {
  const clean = DOMPurify.sanitize(message);
  document.getElementById('output')!.innerHTML = clean;
}
SQL Injection Prevention (Node.js)
// ✗ Vulnerable: username is spliced into the SQL text, so a value like
// admin' OR '1'='1 changes the structure of the query
const username = req.body.username;
const query = `SELECT * FROM users WHERE username = '${username}'`;
db.query(query);

// ✓ Secure: the value is sent as a bound parameter and can only ever be data.
// '?' is the mysql/mysql2 placeholder; node-postgres uses $1, $2, ...
const username = req.body.username;
const query = 'SELECT * FROM users WHERE username = ?';
db.query(query, [username]);
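A single placeholder covers the page's case, but real handlers also take an optional filter, a list of ids and a sort column, and that is where interpolation creeps back in. The following is an added example, not code from the page: a small builder that binds every value as a parameter, expands an `IN` list into one placeholder per element, and allowlists the `ORDER BY` column because identifiers cannot be bound. It assumes PostgreSQL-style `$n` placeholders as used by node-postgres (substitute `?` for mysql2); `UserSearch`, `PreparedQuery`, `SORTABLE_COLUMNS` and `buildUserQuery` are this example's own names.

```typescript
// Added example: dynamic query construction without interpolating user input.
// Values always travel as bound parameters; identifiers come from an allowlist.

interface UserSearch {
  username?: string; // untrusted
  ids?: number[];    // untrusted
  sortBy?: string;   // untrusted
  limit?: number;    // untrusted
}

interface PreparedQuery {
  text: string;
  values: unknown[];
}

// The only column names that may ever appear in ORDER BY.
const SORTABLE_COLUMNS = new Set(['username', 'created_at']);

function buildUserQuery(search: UserSearch): PreparedQuery {
  const values: unknown[] = [];
  const where: string[] = [];

  // Every value goes through a placeholder, never into the SQL text.
  const bind = (v: unknown): string => {
    values.push(v);
    return `$${values.length}`;
  };

  if (search.username !== undefined) {
    where.push(`username = ${bind(search.username)}`);
  }

  if (search.ids !== undefined) {
    if (search.ids.length === 0) {
      // "IN ()" is a syntax error in most dialects; an empty list matches nothing.
      where.push('FALSE');
    } else {
      // Each id is type-checked, then bound individually: id IN ($2, $3, ...)
      const placeholders = search.ids.map((id) => {
        if (!Number.isInteger(id)) throw new Error('id must be an integer');
        return bind(id);
      });
      where.push(`id IN (${placeholders.join(', ')})`);
    }
  }

  let text = 'SELECT id, username, created_at FROM users';
  if (where.length > 0) text += ` WHERE ${where.join(' AND ')}`;

  if (search.sortBy !== undefined) {
    // Identifiers cannot be parameterised, so they must match the allowlist exactly.
    if (!SORTABLE_COLUMNS.has(search.sortBy)) {
      throw new Error(`cannot sort by ${JSON.stringify(search.sortBy)}`);
    }
    text += ` ORDER BY ${search.sortBy}`;
  }

  if (search.limit !== undefined) {
    // LIMIT is a value and can be bound, but bound it still as a range check.
    if (!Number.isInteger(search.limit) || search.limit <= 0 || search.limit > 1000) {
      throw new Error('limit out of range');
    }
    text += ` LIMIT ${bind(search.limit)}`;
  }

  return { text, values };
}

// Usage with node-postgres (assumed driver): const q = buildUserQuery(req.body);
// await pool.query(q.text, q.values);
```

Whatever the driver, the check to make in review is that `text` is built only from string literals and allowlisted identifiers, and that every request-derived value is reachable only through `values`.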
Command Injection Prevention
// ✗ Vulnerable: the shell expands $(...), ;, | and similar inside the string,
// so ?file=x;id runs id on the server
import { exec } from 'child_process';
const filename = req.query.file;
exec(`cat ${filename}`, (error, stdout) => {
  res.send(stdout);
});

// ✓ Secure: execFile runs the program directly with an argv array (no shell),
// and the allowlist keeps out '/' and shell metacharacters. '--' ends option
// parsing so a name beginning with '-' cannot be read as a flag by cat.
import { execFile } from 'child_process';
const filename = req.query.file as string;
if (!/^[a-zA-Z0-9_.-]+$/.test(filename)) {
  throw new Error('Invalid filename');
}
execFile('cat', ['--', filename], (error, stdout) => {
  res.send(stdout);
});
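Dropping the shell removes the injection; the remaining questions are which files the name may reach and what the invoked program will make of it. The following is an added example, not code from the page, that layers three checks: a stricter allowlist that also rejects a leading `-` or `.`, resolution of the name under a fixed base directory with a containment check, and `--` before the argument. `resolveUnderBase`, `catFile`, `makeFixture` and `NAME_RE` are this example's own; the fixture is a constructed temp directory so the block runs offline, and it assumes `cat` is on PATH.

```typescript
import { execFileSync } from 'node:child_process';
import * as fs from 'node:fs';
import * as os from 'node:os';
import * as path from 'node:path';

// Added example: serve a file by name without a shell, confined to one directory.
// First char must be alphanumeric or '_', so '..', '.hidden', '-v' and '--help'
// are all rejected; no '/' means no traversal; length is capped.
const NAME_RE = /^[a-zA-Z0-9_][a-zA-Z0-9_.-]{0,254}$/;

function resolveUnderBase(baseDir: string, requested: unknown): string {
  // Express can hand back string[] or an object for repeated/bracketed params.
  if (typeof requested !== 'string') throw new Error('file must be a single string');
  if (!NAME_RE.test(requested)) throw new Error('Invalid filename');
  const base = path.resolve(baseDir);
  const full = path.resolve(base, requested);
  // Defence in depth: even if NAME_RE were loosened later, never leave baseDir.
  if (full !== base && !full.startsWith(base + path.sep)) {
    throw new Error('path escapes base directory');
  }
  return full;
}

function catFile(baseDir: string, requested: unknown): string {
  const full = resolveUnderBase(baseDir, requested);
  // execFile passes argv straight to the program: no shell, so $(...) and ;
  // are just characters. '--' stops cat from treating the path as an option.
  return execFileSync('cat', ['--', full], { encoding: 'utf8' });
}

// Constructed fixture (not from the page): a temp directory with one file.
function makeFixture(): string {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'safe-cat-'));
  fs.writeFileSync(path.join(dir, 'notes.txt'), 'hello\n');
  return dir;
}

// Usage in a handler (assumed Express): res.send(catFile(UPLOAD_DIR, req.query.file));
```

If the program only needs to read the file, `fs.readFile` on the resolved path avoids spawning a process at all; the containment check is the same either way.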
Secure Password Hashing
// ✗ Insecure: MD5 is fast and unsalted, so a leaked table falls to
// precomputed tables and GPU brute force
import crypto from 'crypto';
const hash = crypto.createHash('md5').update(password).digest('hex');

// ✓ Secure: bcrypt salts automatically and the cost factor (2^12 rounds here)
// makes every guess expensive. Raise saltRounds as hardware gets faster.
// Caveat: bcrypt only uses the first 72 bytes of the password.
import bcrypt from 'bcrypt';
const saltRounds = 12;
const hash = await bcrypt.hash(password, saltRounds);
const match = await bcrypt.compare(password, hash);
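bcrypt is a third-party native module. When adding it is not an option, Node's built-in scrypt gives the same properties (per-user random salt, tunable cost, memory hardness) with no dependency. The following is an added example, not code from the page: `hashPassword` stores a self-describing string carrying the parameters and salt, `verifyPassword` recomputes and compares in constant time, and `needsRehash` flags records written with older parameters. The encoding and the cost (`N = 2^15`, about 32 MiB per hash) are this example's assumptions; tune `N` so a hash takes roughly 100 ms on your servers.

```typescript
import * as crypto from 'node:crypto';

// Added example: password hashing with Node's built-in scrypt.
// Assumed parameters; scrypt memory use is 128 * N * r bytes (32 MiB here).
const SCRYPT_N = 1 << 15;
const SCRYPT_R = 8;
const SCRYPT_P = 1;
const SCRYPT_MAXMEM = 64 * 1024 * 1024; // also caps what verify will accept
const SALT_BYTES = 16;
const KEY_BYTES = 32;

function hashPassword(password: string): string {
  const salt = crypto.randomBytes(SALT_BYTES);
  const key = crypto.scryptSync(password, salt, KEY_BYTES, {
    N: SCRYPT_N, r: SCRYPT_R, p: SCRYPT_P, maxmem: SCRYPT_MAXMEM,
  });
  // Self-describing record (assumed format): parameters can be raised later and
  // old rows rehashed on next login instead of via a migration.
  return `$scrypt$N=${SCRYPT_N},r=${SCRYPT_R},p=${SCRYPT_P}$${salt.toString('base64')}$${key.toString('base64')}`;
}

function verifyPassword(password: string, stored: string): boolean {
  const m = /^\$scrypt\$N=(\d+),r=(\d+),p=(\d+)\$([^$]+)\$([^$]+)$/.exec(stored);
  if (!m) return false;
  const [, nStr, rStr, pStr, saltB64, keyB64] = m;
  const salt = Buffer.from(saltB64, 'base64');
  const expected = Buffer.from(keyB64, 'base64');
  // maxmem bounds the work an attacker-controlled record could request.
  const actual = crypto.scryptSync(password, salt, expected.length, {
    N: Number(nStr), r: Number(rStr), p: Number(pStr), maxmem: SCRYPT_MAXMEM,
  });
  // Constant-time compare; both buffers have expected.length bytes.
  return crypto.timingSafeEqual(actual, expected);
}

// True when the record was written with parameters other than the current ones.
function needsRehash(stored: string): boolean {
  return !stored.startsWith(`$scrypt$N=${SCRYPT_N},r=${SCRYPT_R},p=${SCRYPT_P}$`);
}
```

On login: if `verifyPassword` succeeds and `needsRehash` is true, call `hashPassword` with the plaintext you already have and overwrite the record. Unlike bcrypt, scrypt has no 72-byte input limit, but cap password length at the API boundary anyway so the hashing cost cannot be inflated by a multi-megabyte submission.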
Secure Random Generation
// ✗ Insecure: Math.random is not a CSPRNG; its state can be recovered from
// observed outputs, and the string is short and of variable length
const token = Math.random().toString(36).substring(2);

// ✓ Secure: 32 bytes from the OS CSPRNG (256 bits of entropy), hex-encoded
import crypto from 'crypto';
const token = crypto.randomBytes(32).toString('hex');
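Hex output is the simplest case. Two things come up as soon as a token has to be typed or compared: drawing characters from a restricted alphabet without modulo bias, and checking a presented token without leaking how many leading characters matched. The following is an added example, not code from the page: `randomToken` uses `crypto.randomInt` (which rejection-samples, so no `byte % 57` skew), `tokenBits` reports the entropy of a given length, and `tokensEqual` compares with `crypto.timingSafeEqual`. The ambiguity-free alphabet and all function names are this example's own choices.

```typescript
import * as crypto from 'node:crypto';

// Added example: unbiased tokens over a custom alphabet plus constant-time check.
// 57 symbols: no 0/O, 1/l/I, so the token survives being read aloud or typed.
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';

function randomToken(length: number, alphabet: string = ALPHABET): string {
  if (!Number.isInteger(length) || length <= 0) throw new Error('length must be a positive integer');
  if (alphabet.length < 2 || alphabet.length > 256) throw new Error('alphabet size out of range');
  let out = '';
  for (let i = 0; i < length; i++) {
    // randomInt(n) is uniform on [0, n) from the CSPRNG; a naive
    // randomBytes(1)[0] % n would favour the first 256 mod n symbols.
    out += alphabet[crypto.randomInt(alphabet.length)];
  }
  return out;
}

// Entropy in bits for a token of the given length over the alphabet.
function tokenBits(length: number, alphabetSize: number = ALPHABET.length): number {
  return length * Math.log2(alphabetSize);
}

// Compare a presented token with the stored one in constant time.
function tokensEqual(presented: string, stored: string): boolean {
  const a = Buffer.from(presented, 'utf8');
  const b = Buffer.from(stored, 'utf8');
  // timingSafeEqual requires equal lengths; returning early on a length
  // mismatch is fine because the token length is public anyway.
  if (a.length !== b.length) return false;
  return crypto.timingSafeEqual(a, b);
}
```

For a session id or password-reset token aim for at least 128 bits, which with this alphabet means 22 or more characters; `tokenBits` makes that arithmetic explicit in code review. Store a hash of the token rather than the token itself where a database leak is in scope, and compare hashes the same way.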