1

I was reading this Question and Answer here and I am curious what are some dangers that could take place. I imagine that some sort of XSS or CSRF would be the problem, but they would have to have the ability to alter the return of the fetch.

Can someone provide an example for this being a problem and explain how in practice data should be received from a back end source?

LUser
  • 1,127
  • 4
  • 23
  • 39
  • 1
    the main reason is that `html` can contain `script` tags with, well.. script code inside it, are you sure you want to fetch that? the most common case is fetching `json` data and changing the `DOM` or doing other things accordingly. – Sagiv b.g Jun 22 '17 at 12:28
  • I don't know why I asked this question. I must have been in drunk philosophy mode. – LUser Oct 08 '17 at 20:52

1 Answers1

0

Exmaple ? MITM attack could take place, and change the data to contain malicious script.

Though this could be solved with HTTPS.

jony89
  • 5,155
  • 3
  • 30
  • 40