13. • 15%
both Flow and TypeScript are pretty good, and conservatively either of them can prevent about 15%
of the bugs that end up in committed code.
To type or not to type: quantifying detectable bugs in JavaScript
https://blog.acolyer.org/2017/09/19/to-type-or-not-to-type-quantifying-detectable-bugs-in-javascript/
17. • Closure Templates
• Google Java JavaScript
• Twitter
XSS ( )
What are the benefits of using Closure Templates?
• Secure. Closure Templates are contextually autoescaped to reduce the risk of XSS.
Closure Templates | Google Developers
https://developers.google.com/closure/templates/
Closure Templates
teppeis blog
http://teppeis.hatenablog.com/entry/20120318/1332092081
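A simplified sketch of what "contextually autoescaped" means, added here as an example; it is not Closure Templates' implementation and not code from the slides. The names `safeHtml`, `contextOf`, `escapeUrl` and the `about:invalid#blocked` placeholder are assumptions, and any position the sketch cannot classify is rejected.

```javascript
// Added sketch, not Closure Templates' implementation: a tagged template that
// picks an escaper from the static HTML preceding each interpolation.
const HTML_ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => HTML_ESC[c]);

// URL context: reject any scheme outside a short allow-list, then HTML-escape.
function escapeUrl(value) {
  const s = String(value);
  // URL parsers drop tabs, newlines and leading controls, so drop them before
  // looking for the scheme.
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(s.replace(/[\u0000-\u0020]+/g, ''));
  if (scheme && !['http', 'https', 'mailto'].includes(scheme[1].toLowerCase())) {
    return 'about:invalid#blocked'; // hypothetical placeholder value
  }
  return escapeHtml(s);
}

// Classify the position that follows `prefix` (static template text only).
function contextOf(prefix) {
  // Inside an unclosed <script>/<style>, HTML escaping is the wrong tool.
  if (/<(script|style)\b[^>]*>(?:(?!<\/\1)[\s\S])*$/i.test(prefix)) return 'unsupported';
  const open = prefix.lastIndexOf('<');
  if (open <= prefix.lastIndexOf('>')) return 'text';
  // Inside a tag: accept only an open double-quoted attribute value.
  const m = /([a-z-]+)\s*=\s*"([^"]*)$/i.exec(prefix.slice(open));
  if (!m || /^(on|style$|srcdoc$)/i.test(m[1])) return 'unsupported';
  const isUrlAttr = ['href', 'src', 'action', 'formaction'].includes(m[1].toLowerCase());
  return isUrlAttr && m[2] === '' ? 'url' : 'attr';
}

function safeHtml(strings, ...values) {
  let out = strings[0];
  let staticSoFar = strings[0];
  values.forEach((v, i) => {
    const ctx = contextOf(staticSoFar);
    // A URL value must be the whole attribute, so it cannot be split in two.
    const partialUrl = ctx === 'url' && !strings[i + 1].startsWith('"');
    if (ctx === 'unsupported' || partialUrl) throw new Error('unsupported position');
    out += (ctx === 'url' ? escapeUrl(v) : escapeHtml(v)) + strings[i + 1];
    staticSoFar += strings[i + 1];
  });
  return out;
}

// Constructed sample: one untrusted value in text, attribute and URL positions.
function demo(untrusted) {
  return safeHtml`<p>${untrusted}</p><a title="${untrusted}" href="${untrusted}">link</a>`;
}
```

The same value is escaped differently depending on where it lands, which is the property a single global escape function cannot give.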
18. XSS ( )
• React
• Facebook JavaScript
dangerouslySetInnerHTML
dangerouslySetInnerHTML is React’s replacement for using innerHTML in the
browser DOM. In general, setting HTML from code is risky because it’s easy to
inadvertently expose your users to a cross-site scripting (XSS) attack.
DOM Elements - React
https://reactjs.org/docs/dom-elements.html
// The string in __html is inserted as raw HTML; React does not escape it.
function createMarkup() {
  return {__html: 'First &middot; Second'};
}

function MyComponent() {
  return <div dangerouslySetInnerHTML={createMarkup()} />;
}
19. XSS ( )
Vue SSR XSS
Qiita
https://qiita.com/alfa/items/b0e807ae040fc8f61d20
Vue DOM SSR
※ Vue.js