That section on JavaScript security is pretty brief, I'd like to add some others from websites that I've tested:
* Take document.location.href and document.location.hash as unsanitised input, especially if they're affecting the DOM.
* Avoid using innerHTML or jQuery's .append(); they slow down the page with reflow and make it easier to inject code into the page.
* Always write regex to match the minimum it needs to; JavaScript code is visible to the client and therefore to anyone who wishes to find and abuse exploits, completely avoiding iterative testing to determine regexes that generate links and other code.
* Remember that because jQuery has a lot of syntactic sugar, doing $("#bac" + myString) can do a lot more than just select from a set of similarly id'd nodes.
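As an added illustration of the first and last points above (example code, not from the post's author or any project it mentions): the fragment from document.location.hash is validated against a minimal regex before it is ever turned into a selector, so nothing but a plain id reaches $() or querySelector, and text that must land in markup goes through an escaper rather than innerHTML. The function names and the SAFE_ID pattern are assumptions for this example; the functions are pure so they run outside a browser.

```javascript
// Hypothetical helpers (added example, not code from the original post).
// Treat location.hash as untrusted input: accept only a strict, minimal id
// before it is used to build a selector or to touch the DOM.
const SAFE_ID = /^[A-Za-z][A-Za-z0-9_-]{0,63}$/; // assumed id policy

function idFromHash(hash) {
  // hash is the raw value of document.location.hash, e.g. "#section-2".
  if (typeof hash !== 'string' || !hash.startsWith('#')) return null;
  const id = hash.slice(1);
  // Reject anything with whitespace, quotes or '<': such strings could be
  // parsed as a complex selector or, in older jQuery versions, as HTML.
  return SAFE_ID.test(id) ? id : null;
}

function selectorFromHash(hash) {
  // Only a validated id is ever concatenated into a selector string, so
  // $("#bac" + myString)-style surprises cannot occur.
  const id = idFromHash(hash);
  return id === null ? null : '#' + id;
}

function escapeHtml(s) {
  // For the rare case where untrusted text must be placed into markup.
  // Prefer textContent / .text(), which performs no HTML parsing at all.
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function headingForHash(hash) {
  // Constructed rendering step: the id is validated, and the visible label
  // is escaped, so the returned markup contains no attacker-controlled tags.
  const id = idFromHash(hash);
  if (id === null) return escapeHtml('Unknown section');
  return '<h2 id="' + id + '">' + escapeHtml('Section: ' + id) + '</h2>';
}
```

In a page, the validated selector would feed document.querySelector(selectorFromHash(location.hash)), and a null result means the fragment is simply ignored.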