Final: This checklist is based on, and heavily influenced by, the Web Application Security Testing Cheat Sheet maintained by OWASP.
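Prevent malicious RegEx from overloading your single-threaded Node.js execution

Regular expressions, while convenient, pose a real threat to JavaScript applications, and to the Node.js platform in particular. Matching user input against a pattern can require a large number of CPU cycles. Prefer third-party validation packages such as validator.js over writing your own regular expressions, or use safe-regex to detect problematic patterns.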
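The check below is an added example, not code from the original page or from safe-regex: it is a simplified star-height heuristic that flags nested unbounded quantifiers such as `(a+)+`, paired with an input-length cap. The names `starHeight` and `guardedTest` and the 256-character limit are assumptions, and the heuristic misses some slow patterns, for example overlapping alternation like `(a|aa)+`.

```javascript
// Added example: simplified star-height check (the idea behind safe-regex,
// not its actual code). Function names and the limits are assumptions.
function starHeight(source) {
  const stack = [0];                    // max height seen inside each open group
  let i = 0;
  while (i < source.length) {
    const c = source[i];
    let atom = 0;                       // star height of the atom just read
    if (c === '\\') {
      i += 2;                           // escaped char or class such as \d
    } else if (c === '[') {             // character class: skip to its closing ]
      i++;
      while (i < source.length && source[i] !== ']') i += source[i] === '\\' ? 2 : 1;
      i++;
    } else if (c === '(') {             // open group, skip ?: ?= ?! ?<= ?<! ?<name>
      stack.push(0);
      const prefix = /^\?(?::|=|!|<=|<!|<[^>]+>)/.exec(source.slice(++i));
      if (prefix) i += prefix[0].length;
      continue;
    } else if (c === ')') {             // closed group becomes the current atom
      if (stack.length > 1) atom = stack.pop();
      i++;
    } else {
      i++;
      if (c === '|') continue;          // alternation is not an atom
    }
    const rest = source.slice(i);
    const unbounded = /^(?:[*+]|\{\d+,\})/.exec(rest);
    const bounded = /^(?:\?|\{\d+(?:,\d+)?\})/.exec(rest);
    if (unbounded) { atom += 1; i += unbounded[0].length; }
    else if (bounded) i += bounded[0].length;
    if ((unbounded || bounded) && source[i] === '?') i++;  // lazy modifier
    const top = stack.length - 1;
    stack[top] = Math.max(stack[top], atom);
  }
  return Math.max(...stack);
}

// Reject nested unbounded repetition and cap input length before matching.
function guardedTest(source, input, maxLen = 256) {
  if (starHeight(source) > 1) throw new Error('rejected pattern: nested quantifiers');
  if (input.length > maxLen) return false;
  return new RegExp(source).test(input);
}
```
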
safe-regex: detect possibly catastrophic, exponential-time regular expressions