How to prevent XSS alter custom global javascript object & methods in WordPress

You’re not doing anything unusual or unsafe. You are just defining functions, which is a perfectly normal and reasonable thing to do with JavaScript. If there’s a malicious script running on your page then sure, it could redefine those methods, but it could also do other things that much worse.

This is why you need to make sure that malicious scripts can’t run on the page with basic practices like sanitisation and escaping. There’s no best practice about not defining functions. JavaScript wouldn’t work at all if you weren’t supposed to do that.

Related Posts:

  1. Does an activated plugin automatically mean its methods are available to other WP functions?
  2. JavaScript, best way to use data from the loop
  3. How to add API security keys into JS of wordpress securely
  4. security concerns if using html data-* attribute for l10n?
  5. $.ajax results in 403 forbidden
  6. Retrieve $_POST data to send to javascript without using localize script
  7. Go Back to Previous Page
  8. Enforcing password complexity
  9. Pass media upload value to input field
  10. Create a global variable for use in all templates
  11. Where exactly do I write define( ‘WP_DEBUG’, true ) in wp-config file
  12. Data fetch and delete by ajax request
  13. Colorbox ajax loading of outside HTML content works perfect on localhost but not on server
  14. Slide in Panel WordPress Post
  15. Shortcode Inside Class Not Working
  16. Using shipped version of jquery
  17. Bridging TinyMCE js and WordPress PHP?
  18. Trying to implement Ajax comments in WordPress, getting WP error
  19. Simple Plugin with custom javascript wont work – no console error
  20. class click counter save number
  21. WordPress custom login form using Ajax
  22. Button not refreshing page
  23. Call global variable array() in woocommerce child/template
  24. Ajax – Call to undefined function get_option()
  25. Detect session/cookie variable in wordpress to prevent access to documents
  26. Populate dropdown with Child Pages based on Parent Page chosen
  27. SQL Injection blocked by firewall
  28. How to inject variables into public-facing JS using wp_enqueue_script
  29. Ajax random number always the same
  30. Javascript file is not working on single.php wordpress [closed]
  31. How to send Ajax request from my plugin in admin dashboard?
  32. Customizer: Multiple CSS styles on same element in Live Preview
  33. How to register javascript variables in wp_localize_script?
  34. Menu jumping when calling it via PHP
  35. Setting value of session with Ajax not working
  36. AJAX success response is not working but it’s saving my changes
  37. Post repeating with infinite scroll
  38. WordPress Ajax Call inserting data but success response false
  39. Is the wp_enqueue method efficient?
  40. admin-ajax Firing Error 400 When Logged In
  41. Making an AJAX call to refresh a table
  42. add onchange to select in a wp form
  43. Jquery window.send_to_editor function
  44. Troll the hackers by redirecting them
  45. malware undetectable by multiple scans
  46. Post repeated when opening in overlay, how do I solve this? [closed]
  47. Submitting a form, using Ajax, to run a SQL Select query based on user input from the form
  48. Run JS Code on userlog out
  49. Is it possible to isolate and use WordPress functions outside of wordpress
  50. Testing a Form’s Zipcode Field with Regular Expressions to Determine WordPress Page Behaviour
  51. Hot to check if new posts have been published since page load and notify online users?
  52. Time Delay a URL Redirect for Specific Page
  53. Cascading dropdown select search based on Parent Page & Child Page
  54. WordPress cascading dropdown selection search based on Parent Page & Child Page
  55. Unable to display multiple parameters from url by javascript through shortcodes
  56. Settings API form – submit with AJAX
  57. Search bar for wp menu
  58. Executing php on button press
  59. echo cutom css code to WordPress page template file ? is this safe?
  60. Run do_shortcode on php template using JS function
  61. global $product is empty string when passed into function
  62. Use PHP Class in WordPress functions
  63. Trying to add some custom text into WordPress Post title via function.php
  64. I have a lot of JavaScript erorrs after SSL someone can help me?
  65. How can i show specific Category List?
  66. Using Javascript On Page – Header and Footer Now Missing
  67. Store data from JavaScript object to custom table in user account
  68. Site infected by link
  69. Adding extra data to shortcode attributes and pass it to JS with wp_localize_script
  70. Show the subcategory name based on current product
  71. Proper use of Output Buffer for a whole php clas
  72. Access WP files on “server 1”, from “server 2” – using wp-load on an external website
  73. Javascript Tab Gallery with Advanced Custom Fields
  74. Cannot successfully execute AJAX script to call function.php specific function. Using XAMPP localhost to test
  75. sessionStorage saves input value in browser but it is not loaded in the form field
  76. Replacing entire tag with shortcode – JavaScript [duplicate]
  77. How do I make comment-reply-button with that takes to comment reply form on click
  78. Deny php execution in /wp-includes – using .htaccess in /wp-includes VS root folder
  79. wordpress all post filter by year
  80. Generate a radius search of custom post type locations
  81. custom field – changing an element or background of id div – different versions not working
  82. Calling WordPress hook from within a class: call to undefined function error
  83. How to load WP_Editor JS files manually (with AJAX)?
  84. Bootstrap Carousel Indicators Won’t Cycle On Custom WordPress Theme
  85. Where to find the html for WordPress site? [closed]
  86. Why isn’t my custom Javascript showing up in my custom template?
  87. global $post inside plugin query messes up every new post page in wp-admin
  88. What is wrong with assigning values to a WP_List_Table class?
  89. 500 (Internal Server Error) of external php file
  90. Add title and caption to thumbnail image on mouseover
  91. Problems with plugin that fetches data from database with ajax
  92. Dynamic Gallery
  93. Cannot get custom javascript to execute on page
  94. How to create and add js and css file when server is not on my PC?
  95. Object of class WP_Post could not be converted to string while trying to console.log wp_get_nav_menu_items
  96. Check radio get value to array
  97. Pass a PHP variable (loop-audio.php) to jQuery function (js/script.js)
  98. Slick slider not working on wordpress
  99. Show Login Errors In WordPress/Elementor (Code “works”, but breaks site)
  100. How can I use AJAX in child theme template?