3.9. Securing your application

You may have noticed that this book doesn’t have a specific chapter on security. We’d rather leave this extensive and rapidly changing topic to the experts, but we can’t write a book on web applications without touching on how GWT can help secure your application.

If you read GWT’s “Security for GWT Applications,”[7] you’ll see that it summarizes four vectors of attack to which the GWT team feels GWT applications are vulnerable:

[7] “Security for GWT Applications”: http://mng.bz/pq07.

  • JavaScript on your host page that’s unrelated to GWT
  • Code you write that sets innerHTML on GWT widget objects
  • Using the JSON API to parse untrusted strings (which ultimately calls the JavaScript eval function)
  • JSNI code that ...
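
The innerHTML and JSON items above can be seen in plain JavaScript, which is what GWT code compiles to. The following is an added example, not code from the book or from GWT; the function names and sample strings are constructed for illustration.

```javascript
// Added illustration: hypothetical helpers, not GWT APIs.

// Weak: an eval-based JSON parser executes whatever expression it is given.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Hardened: JSON.parse accepts only the JSON grammar and rejects embedded code.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Escape HTML-significant characters before a string is assigned to innerHTML,
// so untrusted text is rendered as text rather than parsed as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample inputs.
const benign = '{"user": "alice", "admin": false}';
// Not valid JSON: the value is an expression with a side effect.
const hostile = '{"user": (globalThis.evalRan = true, "mallory")}';
const displayName = '<b onclick="doSomething()">Bob</b>';

function demo() {
  globalThis.evalRan = false;
  const viaEval = parseWithEval(hostile);      // expression runs, flag is set
  return {
    evalSideEffect: globalThis.evalRan,
    evalUser: viaEval.user,
    strictBenign: parseStrict(benign),
    strictHostile: parseStrict(hostile),       // rejected with a SyntaxError
    safeMarkup: escapeHtml(displayName),
  };
}

console.log(demo());
```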
