As web developers, using 3rd party resources is extremely common. We use 3rd
party JavaScripts all the time, either via npm
, bundled into our code, or via
<script>
tag (e.g.: Google Analytics, etc). Embedding 3rd party images/media
is also pretty common. Even linking to a 3rd-party site can have security
implications!
Let's go over some of the more common attack vectors when using 3rd party resources, what problems they may cause, and how to mitigate them.