Frontend Engineering

Frontend Security

5 practice questions. Free questions open a full answer guide; the rest unlock with Pro.

  • Where should a single-page app store an authentication token, and what are the security trade-offs between localStorage and an httpOnly cookie? Mid level
  • Why is it a problem to put an API key or secret directly in your frontend JavaScript, and what should you do instead?Go Pro Junior level
  • How does cross-site scripting happen in a modern frontend app, and what layers of defense would you put in place to prevent it?Go Pro Mid level
  • A feature needs to render rich text that comes from user-submitted content, and a teammate's PR uses dangerouslySetInnerHTML directly, reasoning that React escapes everything anyway. Walk me through the risk and how you'd make this safe.Go Pro Senior level
  • Your app renders links whose href comes from data users control, and some open in new tabs. A security review raises both the link destinations and the new-tab behavior. Walk me through the risks and how you'd harden this.Go Pro Senior level
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.