Make your Vue & Nuxt apps MORE SECURE!
Security is critical - but often not thought through by developers when it comes to adding features. Luckily, Vue has a lot of safeguards in place - but there are situations where these won't help either. Which ones, you wonder? Check out the video!

#vue #nuxt #security #webdev

---

Links and Resources:

State of JS: https://survey.devographics.com/en-US/survey/state-of-js/2024?source=alexander_lichter_video_vue_security
DOMPurify: https://github.com/cure53/DOMPurify
https://css-tricks.com/css-keylogger/
OWASP Top Ten: https://owasp.org/www-project-top-ten/
Vue Security Best Practices: https://vuejs.org/guide/best-practices/security.html
Nuxt Security Module: https://github.com/Baroshem/nuxt-security/
Info around runtimeConfig: https://www.youtube.com/watch?v=2tKOZc3Z1dk
The most common runtimeConfig mistake: https://www.youtube.com/watch?v=_FYV5WfiWvs
Nuxt Plugin Object Syntax: https://www.youtube.com/watch?v=2aXZyXB1QGQ
Nuxt Context Loss with Async Code: https://www.youtube.com/watch?v=ofuKRZLtOdY
@DejaVueFm #E036 - Secure your Vue and Nuxt Applications (with Jakub Andrzejewski): https://www.youtube.com/watch?v=NsWZaPQWdQA

---

Chaptermarks:

00:00 Intro
00:18 Fill out the State of JavaScript 2024
01:02 General Suggestions for Web App Security
01:42 What is Cross Site Scripting and how to avoid it
05:29 Avoid using v-html where possible
06:11 Sanitize v-html content if you can't avoid it
07:18 Limit URLs for e.g. redirects
08:10 Restrict the styles users can provide
09:31 Do not misconfigure your runtimeConfig
12:10 Cross Request State Pollution when using SSR
14:29 Avoid context loss with Pinia in Nuxt
16:42 The Nuxt Security Module
17:35 Check your own code
18:29 More Security? Check out the latest DejaVue Episode
18:42 Wrapping up