You’re not doing anything unusual or unsafe. You are just defining functions, which is a perfectly normal and reasonable thing to do with JavaScript. If there’s a malicious script running on your page then sure, it could redefine those methods, but it could also do other things that much worse.
This is why you need to make sure that malicious scripts can’t run on the page with basic practices like sanitisation and escaping. There’s no best practice about not defining functions. JavaScript wouldn’t work at all if you weren’t supposed to do that.
Related Posts:
- Does an activated plugin automatically mean its methods are available to other WP functions?
- JavaScript, best way to use data from the loop
- How to add API security keys into JS of wordpress securely
- security concerns if using html data-* attribute for l10n?
- $.ajax results in 403 forbidden
- Retrieve $_POST data to send to javascript without using localize script
- Sending jsPDF documents to the server
- Admin username and password
- How to prevent those PHP variables from being cached on WordPress?
- Ajax return code 400
- How can I add an alert (like the old javascript alerts) to my WP page?
- Pass PHP variable to JavaScript without inline JS
- Show post in slider
- How can I output a php value into a JS file within WordPress?
- Evaluations of two wordpress security plans against php code injection attack
- Using shipped version of jquery
- How to get media objects
- Putting PHP variables into javascript [duplicate]
- Bridging TinyMCE js and WordPress PHP?
- Call External Object in Class Function During Callback
- Trying to implement Ajax comments in WordPress, getting WP error
- How to test nonce with AJAX – Plugin development
- Use object in template part
- How do I display a user’s previous orders as a select box option on a product?
- Simple Plugin with custom javascript wont work – no console error
- How does this WordPress Plugin (Thrive Comments) apply their custom comment sort? [closed]
- How can I use a modal window to display the current post in loops featured image?
- js file in root loading without
- class click counter save number
- Trigger popup in a php if/else statement
- WordPress custom login form using Ajax
- database interactions using OOP
- Slider loading issue
- AJAX request status 200 but no actual “response”
- Button not refreshing page
- Ajax not working es expected (Returns 0)
- Customizer – Prefix Class Extension
- Use menu link or onClick to set a variable
- How to select the contents in the text view textrea in wp_editor?
- Creating a Multi-Level Associative Object Using AJAX
- Call global variable array() in woocommerce child/template
- WP functions in .js
- Adding custom directory and PHP files in wordpress
- Extending the WP_Widget_Text class
- Ajax – Call to undefined function get_option()
- Trying to get property of non-object “ wordpress ”
- Detect session/cookie variable in wordpress to prevent access to documents
- Populate dropdown with Child Pages based on Parent Page chosen
- Is there any risk setting WordPress file permissions and FS method to ‘direct’ on localhost?
- remove wp floating submenu in wp dashboard
- SQL Injection blocked by firewall
- Displaying admin notices inside the block editor from rest_after_insert_{$this->post_type} hook
- search and replace preword from author
- How to complete two other input fields, completed the first
- Status 400 for AJAX POST Request with admin-ajax.php
- How to inject variables into public-facing JS using wp_enqueue_script
- How to pass aa JS variable to PHP?
- Customize Theme comment template to Insert VoteUp and VoteDown buttons
- Ajax random number always the same
- Image upload via FormData API and AJAX is not working ($_FILES always empty)
- I have a problem in the order of enqueues while enqueuing stylesheets and scripts for a specific page in my function.php
- JS file work only in index page
- Need Help Fixing My Iframes [closed]
- wp_enqueue_scripts leads to error
- Javascript file is not working on single.php wordpress [closed]
- How to change redirection route to a php page for making it only accessible by logged-in members?
- Integrating PHP into Javascript to display map markers with Google API – problem with wp_localize
- Save Search System
- dynamic dependent select dropdown
- Generating an nonce for Content Security Policy and all scripts – How to make it match/persist for each page load?
- Passing UTM Parameters To Modify Page In WordPress
- How to send Ajax request from my plugin in admin dashboard?
- Incorrect MIME type for assets with Valet
- Customizer: Multiple CSS styles on same element in Live Preview
- wordpress visual composer change grid builder post link
- Ajax load more button for comments wordpress
- How to register javascript variables in wp_localize_script?
- Open post-content in archive page in a Modal box with bootstrap
- Creating own shortcode – echoeing php variable based on JS variable
- How to add a do_action on refreshing of WP customizer?
- How to modify a global variable in a function and use it on another function?
- Cannot execute php files in wp-content
- How to pre populate a form field with a link of a current user’s author profile?
- parts of url disappear when using # inside href=”” [closed]
- How to pass Select value from Javascript to PHP to generate select option on change
- Menu jumping when calling it via PHP
- How does wp_enqueue_scripts work?
- wp attempt focus, disabling without touching core
- Setting value of session with Ajax not working
- AJAX success response is not working but it’s saving my changes
- PHP array to JS array to use in google map
- PhantomJS with wordpress
- How to add a Custom Mailchimp AJAX Newsletter Subscribe Form
- Media Upload , file name changed automatically
- Add / Update Custom Fields After Select Pictures in Media Window
- Post repeating with infinite scroll
- How do I get around “Sorry, this file type is not permitted for security reasons”?
- WordPress Scripts Being Loaded in Footer
- Fancybox type popup window that’s not an iframe
- Generate sidebar depending on height of post