If not guarded against, JavaScript applications can be vulnerable to several types of security exploits. Because the GWT (GWT) produces JavaScript code, that code is is also vulnerable to JavaScript attacks. This section helps educate GWT developers about the risks and explains how to write secure GWT applications.

  1. Security for GWT Applications – Describes different types of attacks you can expect, and how to code against them
  2. SafeHtml – Provides coding guidelines with examples showing how to protect your application from XSS vulnerabilities due to untrusted data
  3. GWT RPC XSRF protection – Describes how to prevent Cross-Site Request Forgery (XSRF or CSRF) vulnerabilities GWT RPCs