Forwarding you to blog.acolyer.org

Synode: understanding and automatically preventing injection attacks on Node.js | the morning paper

If youre using JavaScript on the server side (node.js), then youll want to understand the class of vulnerabilities described in this paper. JavaScript on the server side doesnt enjoy some of the same protections as JavaScript running in a browser. In particular, Node.js modules can interact freely with the operating system without the benefit of a security sandbox. The bottom line is this: