JavaScript bank Security JavaScript / 7 questions Your progress 0 / 7 done Saved in this browser. Reset All 7 Medium 4 Hard 3 Hide done No questions match those filters. 1 Explain Cross-Site Scripting (XSS) — stored, reflected, and DOM-based — and how to prevent each in a JS app. Medium 2 Explain Cross-Site Request Forgery (CSRF) and how SameSite cookies and CSRF tokens mitigate it. Medium 3 What is Content Security Policy (CSP) and how do you configure it to block inline script injection? Hard 4 Explain prototype pollution vulnerabilities in JS — how can merging untrusted objects corrupt `Object.prototype`? Hard 5 What is Subresource Integrity (SRI) and how does it protect against compromised third-party CDN scripts? Medium 6 Explain CORS from the browser's perspective — preflight requests, allowed headers, and credentialed requests. Medium 7 What are Trusted Types and how do they help prevent DOM-based XSS at the browser API level? Hard ← Previous System Design Next → Company Specific