How to prevent XSS alter custom global javascript object & methods in WordPress

You’re not doing anything unusual or unsafe. You are just defining functions, which is a perfectly normal and reasonable thing to do with JavaScript. If there’s a malicious script running on your page then sure, it could redefine those methods, but it could also do other things that much worse.

This is why you need to make sure that malicious scripts can’t run on the page with basic practices like sanitisation and escaping. There’s no best practice about not defining functions. JavaScript wouldn’t work at all if you weren’t supposed to do that.

Related Posts:

  1. Does an activated plugin automatically mean its methods are available to other WP functions?
  2. JavaScript, best way to use data from the loop
  3. How to add API security keys into JS of wordpress securely
  4. security concerns if using html data-* attribute for l10n?
  5. $.ajax results in 403 forbidden
  6. Retrieve $_POST data to send to javascript without using localize script
  7. Sending jsPDF documents to the server
  8. Admin username and password
  9. How to prevent those PHP variables from being cached on WordPress?
  10. Ajax return code 400
  11. How can I add an alert (like the old javascript alerts) to my WP page?
  12. Pass PHP variable to JavaScript without inline JS
  13. Show post in slider
  14. How can I output a php value into a JS file within WordPress?
  15. Evaluations of two wordpress security plans against php code injection attack
  16. Using shipped version of jquery
  17. How to get media objects
  18. Putting PHP variables into javascript [duplicate]
  19. Bridging TinyMCE js and WordPress PHP?
  20. Call External Object in Class Function During Callback
  21. Trying to implement Ajax comments in WordPress, getting WP error
  22. How to test nonce with AJAX – Plugin development
  23. Use object in template part
  24. How do I display a user’s previous orders as a select box option on a product?
  25. Simple Plugin with custom javascript wont work – no console error
  26. How does this WordPress Plugin (Thrive Comments) apply their custom comment sort? [closed]
  27. How can I use a modal window to display the current post in loops featured image?
  28. js file in root loading without
  29. class click counter save number
  30. Trigger popup in a php if/else statement
  31. WordPress custom login form using Ajax
  32. database interactions using OOP
  33. Slider loading issue
  34. AJAX request status 200 but no actual “response”
  35. Button not refreshing page
  36. Ajax not working es expected (Returns 0)
  37. Customizer – Prefix Class Extension
  38. Use menu link or onClick to set a variable
  39. How to select the contents in the text view textrea in wp_editor?
  40. Creating a Multi-Level Associative Object Using AJAX
  41. Call global variable array() in woocommerce child/template
  42. WP functions in .js
  43. Adding custom directory and PHP files in wordpress
  44. Extending the WP_Widget_Text class
  45. Ajax – Call to undefined function get_option()
  46. Trying to get property of non-object “ wordpress ”
  47. Detect session/cookie variable in wordpress to prevent access to documents
  48. Populate dropdown with Child Pages based on Parent Page chosen
  49. Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
  50. remove wp floating submenu in wp dashboard
  51. SQL Injection blocked by firewall
  52. Displaying admin notices inside the block editor from rest_after_insert_{$this->post_type} hook
  53. search and replace preword from author
  54. How to complete two other input fields, completed the first
  55. Status 400 for AJAX POST Request with admin-ajax.php
  56. How to inject variables into public-facing JS using wp_enqueue_script
  57. How to pass aa JS variable to PHP?
  58. Customize Theme comment template to Insert VoteUp and VoteDown buttons
  59. Ajax random number always the same
  60. Image upload via FormData API and AJAX is not working ($_FILES always empty)
  61. I have a problem in the order of enqueues while enqueuing stylesheets and scripts for a specific page in my function.php
  62. JS file work only in index page
  63. Need Help Fixing My Iframes [closed]
  64. wp_enqueue_scripts leads to error
  65. Javascript file is not working on single.php wordpress [closed]
  66. How to change redirection route to a php page for making it only accessible by logged-in members?
  67. Integrating PHP into Javascript to display map markers with Google API – problem with wp_localize
  68. Save Search System
  69. dynamic dependent select dropdown
  70. Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
  71. Passing UTM Parameters To Modify Page In WordPress
  72. How to send Ajax request from my plugin in admin dashboard?
  73. Incorrect MIME type for assets with Valet
  74. Customizer: Multiple CSS styles on same element in Live Preview
  75. wordpress visual composer change grid builder post link
  76. Ajax load more button for comments wordpress
  77. How to register javascript variables in wp_localize_script?
  78. Open post-content in archive page in a Modal box with bootstrap
  79. Creating own shortcode – echoeing php variable based on JS variable
  80. How to add a do_action on refreshing of WP customizer?
  81. How to modify a global variable in a function and use it on another function?
  82. Cannot execute php files in wp-content
  83. How to pre populate a form field with a link of a current user’s author profile?
  84. parts of url disappear when using # inside href=”” [closed]
  85. How to pass Select value from Javascript to PHP to generate select option on change
  86. Menu jumping when calling it via PHP
  87. How does wp_enqueue_scripts work?
  88. wp attempt focus, disabling without touching core
  89. Setting value of session with Ajax not working
  90. AJAX success response is not working but it’s saving my changes
  91. PHP array to JS array to use in google map
  92. PhantomJS with wordpress
  93. How to add a Custom Mailchimp AJAX Newsletter Subscribe Form
  94. Media Upload , file name changed automatically
  95. Add / Update Custom Fields After Select Pictures in Media Window
  96. Post repeating with infinite scroll
  97. How do I get around “Sorry, this file type is not permitted for security reasons”?
  98. WordPress Scripts Being Loaded in Footer
  99. Fancybox type popup window that’s not an iframe
  100. Generate sidebar depending on height of post
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)