jQuery safety

Some jQuery methods are unsafe, particularly .append() and the jQuery selector function $(''), which can also create nodes: $('<img>') will generate an img node. Only a few jQuery methods should be passed unescaped input.

Safe methods: .text(), .attr(), .prop(), .val()

Unsafe methods: .html(), $(), .append*(), .wrap*(), .prepend*(), .before(), .after(), .insert*()
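
A line-by-line audit for the unsafe methods listed above, as an added example that is not part of the original post. The function name findUnsafeSinks, the regex heuristics and the sample source are assumptions made for illustration; it flags any listed sink whose first argument is not a single string literal, and it will produce false positives by design.

```javascript
// Added example: heuristic audit for the unsafe jQuery sinks named in the post.
// Matches $( / jQuery( and the markup-inserting methods, up to the open paren.
const SINKS = /(?:\$|jQuery|\.(?:html|append(?:To)?|prepend(?:To)?|wrap(?:All|Inner)?|before|after|insert(?:Before|After)))\s*\(/g;

// Arguments treated as benign: none (getter call), exactly one string literal,
// a well-known DOM object, or a callback passed to $().
const BENIGN_ARG = /^\s*(?:\)|(?:'[^'\\]*'|"[^"\\]*")\s*\)|(?:this|document|window)\s*\)|function\b|\(\s*\)\s*=>)/;

// Returns one finding per sink call that receives a non-literal argument.
function findUnsafeSinks(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    SINKS.lastIndex = 0;
    let m;
    while ((m = SINKS.exec(text)) !== null) {
      const rest = text.slice(SINKS.lastIndex); // text right after "("
      if (!BENIGN_ARG.test(rest)) {
        findings.push({
          line: i + 1,
          sink: m[0].replace(/\s*\($/, ''),
          code: text.trim(),
        });
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from a real code base).
const SAMPLE = [
  "var name = location.hash.slice(1);",
  "$('#greeting').text(name);",                      // safe: .text()
  "$('#greeting').html('<b>' + name + '</b>');",     // flagged: .html()
  "$('#list').append(name);",                        // flagged: .append()
  "$(name).appendTo('#list');",                      // flagged: $()
  "var current = $('#greeting').html();",            // getter, not flagged
  "$('<img>').attr('alt', name).appendTo('#list');", // literals only
].join('\n');

for (const f of findUnsafeSinks(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink}() receives a non-literal: ${f.code}`);
}
```

Each finding is a place to review by hand: either switch to one of the safe methods or escape the value before it reaches the sink.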