Vampires in the Browser: banishing uninvited Javascript from your web app



Event: PyConline AU 2021, online
Schedule link:

# Abstract

Legend has it that a vampire cannot enter a home unless they are invited to do so.

Much like vampires, JavaScript cannot generally enter your web application unless it is invited in. Also like vampires, there are many sneaky ways that you may find yourself with ~~a vampire~~ someone else's JavaScript inside your app without realising you've technically allowed it to be there. What happens next may be a bloodsucking nightmare or an eternal, sparkly romance, but whatever the outcome, it's always better to know how to protect your spaces against intruders.

This session is here to help you solve this problem. Join us for a look at the ways that even the best-intentioned developer may leave loopholes for unwanted, third-party JavaScript to creep into their apps, what that code can do when it gets there, and the ~~incantations~~ configurations you can deploy to prevent this from happening.