For development of mobile applications, web applications, it is one of the popular technologies. In spite of the popularity it has gone on to emerge as a major hotspot for the hackers.
Cross site scripting
A browser side grey area when it comes to Java Script is XSS. Such a form of attack is going to occur when an outsider inserts a malicious code into an application that is vulnerable. Nearly 40 % of internet based attacks tend to be XSS attacks.
It is possible for an attacker to manipulate Java Script or HTML so as to trigger a malicious code. The XSS is rated highly as it is possible for an attacker to gain access on to the session storage. So as to ensure protection of your Java Script in respect to XSS, on to the web page it is not necessary to inject any web scripts as it is better to use CSS.
Server side injection of security
Issues at the level of clients
With developers introducing API at the end of clients, it is bound to make the applicable vulnerable to external threats. In some cases the poor web development modules deserve all the blame. The client side browser script is going to have access to any type of content that is returned by the web on to the web browser. It is going to include cookies that have sensitive data like a session ID. It could lead to a situation where the hackers would be looking to hijack the user sessions and look out for sensitive user data.