In recent years we’ve all noticed data breaches caused by lax security practices at big tech companies. Often the cause is careless programming on the front end, but of course it is not only that. Database breaches happen when the backend developer does not sanitize incoming (and outgoing) data. Sanitizing data means enforcing that it arrives in the expected format and, more importantly, that it cannot embed commands. The backend must either refuse to execute embedded code or render it verbatim as text, treating it as data rather than as a command to the server.
On the front end, the site should submit only plain text and strip embedded commands such as JavaScript before the form is sent; the backend then needs to escape script tags (and other HTML) whenever it displays that data back to a user.
ShareThis is one of many such sites and is the most recent data breach as of this posting. Since it is a JavaScript-based service, front-end developers need to sanitize input and work with back-end developers so that what is kept and stored is clean data that cannot execute on the front end or, even worse, from within database storage.
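The two backend controls the post describes (store untrusted text so it cannot become a database command, and escape it so it cannot become script when displayed) look like this in practice. The following is an added example, not code from the original post or from ShareThis; it uses Python's standard `sqlite3` and `html` modules, an in-memory database, and constructed sample comments that stand in for untrusted form input.

```python
import html
import re
import sqlite3

# Constructed sample inputs (not from the post): a benign comment, a stored
# script tag and a quote-laden string, all treated as untrusted text.
SAMPLE_COMMENTS = [
    ("alice", "Great article, thanks!"),
    ("mallory", "<script>alert('xss')</script>"),
    ("mallory", "x'); DROP TABLE comments; --"),
]

# Format check: an author handle is a short alphanumeric token, nothing else.
AUTHOR_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")
MAX_BODY_LEN = 1000


def open_db():
    """Create an in-memory SQLite database with a comments table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    return conn


def store_comment(conn, author, body):
    """Validate the format, then store the text with a parameterised query.

    The '?' placeholders pass the values to the driver separately from the
    SQL text, so a body containing quotes or SQL keywords is stored as a
    literal string and is never parsed as part of the command.
    """
    if not AUTHOR_RE.match(author or ""):
        raise ValueError("author must be 1-32 alphanumeric characters")
    if not isinstance(body, str) or len(body) > MAX_BODY_LEN:
        raise ValueError("body must be a string of at most %d chars" % MAX_BODY_LEN)
    conn.execute(
        "INSERT INTO comments (author, body) VALUES (?, ?)", (author, body)
    )
    conn.commit()


def render_comment(author, body):
    """Escape stored text at output time so the browser shows it as text.

    html.escape turns <, >, &, " and ' into entities, so a stored <script>
    tag is displayed verbatim instead of being executed.
    """
    return "<p><b>%s</b>: %s</p>" % (html.escape(author), html.escape(body))


def render_all(conn):
    """Read every stored comment and escape each one for display."""
    rows = conn.execute("SELECT author, body FROM comments ORDER BY id").fetchall()
    return [render_comment(a, b) for a, b in rows]


def demo():
    """Store the sample comments and return (row count, rendered HTML)."""
    conn = open_db()
    for author, body in SAMPLE_COMMENTS:
        store_comment(conn, author, body)
    # The table still exists and holds all three rows: the DROP TABLE text
    # was stored as data, not executed as a command.
    count = conn.execute("SELECT COUNT(*) FROM comments").fetchone()[0]
    return count, render_all(conn)


if __name__ == "__main__":
    count, pages = demo()
    print("rows stored:", count)
    for page in pages:
        print(page)
```

Note the split of responsibilities: the format check and parameterised insert protect the database, while escaping happens only at the moment of display. Escaping on the way in instead would leave data double-encoded for any consumer that is not an HTML page (an API, a CSV export), which is why output encoding is done at the output boundary.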