Never Trust Yourself

Understand the importance of using safe defaults

No story this time. This chapter is a catch-all for other attacks you need to protect against, so there isn’t an overarching narrative. Try to contain your disappointment.

Use safe defaults

One of the core concepts of a secure system is safe defaults. Whenever possible (and it’s usually possible), define variables, properties, and everything else early with a safe default.

A safe default is usually a null, empty, or false state. When determining logic flow, the default should always be a failure. For example, in the earlier authentication examples, we checked whether the password was correct. If it was, we proceeded to the positive application logic. If it was not, the function fell through to the default logic, which treats the result as a failure.

This is incredibly important in JavaScript. Because so much JavaScript code runs asynchronously, you can’t be sure of the order in which variables will be evaluated and mutated, so a variable that is never explicitly set must already hold the failing value.

Let’s look at a basic example with form validation:
