Frontend Engineering
Frontend Security
5 practice questions. Free questions open a full answer guide; the rest unlock with Pro.
- Where should a single-page app store an authentication token, and what are the security trade-offs between localStorage and an httpOnly cookie?
- Why is it a problem to put an API key or secret directly in your frontend JavaScript, and what should you do instead?Go Pro
- How does cross-site scripting happen in a modern frontend app, and what layers of defense would you put in place to prevent it?Go Pro
- A feature needs to render rich text that comes from user-submitted content, and a teammate's PR uses dangerouslySetInnerHTML directly, reasoning that React escapes everything anyway. Walk me through the risk and how you'd make this safe.Go Pro
- Your app renders links whose href comes from data users control, and some open in new tabs. A security review raises both the link destinations and the new-tab behavior. Walk me through the risks and how you'd harden this.Go Pro
Want questions matched to your role? Paste a job title, job description, or CV for a personalized set, or go Pro to unlock the full bank.