16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
34 lines
1.0 KiB
Plaintext
34 lines
1.0 KiB
Plaintext
== Why is this an issue?
|
|
|
|
Debug statements are always useful during development. But include them in production code - particularly in code that runs client-side - and you run the risk of inadvertently exposing sensitive information, slowing down the browser, or even erroring-out the site for some users.
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,javascript]
|
|
----
|
|
console.log(password_entered); // Noncompliant
|
|
----
|
|
|
|
== Resources
|
|
|
|
* https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/[OWASP Top 10 2021 Category A9] - Security Logging and Monitoring Failures
|
|
* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Replace this usage of console.{log|warn|error} by a logger.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
include::../comments-and-links.adoc[]
|
|
endif::env-github,rspecator-view[]
|