Category: Content | Priority: Medium | Plan: Pro

Dangerous JavaScript Functions

Dangerous JavaScript sinks such as eval(), document.write(), and innerHTML assignments can introduce DOM-based XSS vulnerabilities when the value they receive comes from untrusted input.

Why It Matters

DOM-based XSS through these sinks is harder to detect than reflected XSS, and server-side sanitization does not catch it, because the untrusted data is read and written entirely inside the browser. An attacker who reaches such a sink can execute arbitrary script in the user's browser context.

How We Check

We scan inline scripts and event handler attributes for calls to eval(), document.write(), assignments to innerHTML, new Function(), and the string-argument forms of setTimeout and setInterval.

How to Fix

Replace eval() with JSON.parse() when the input is data rather than code. Use textContent instead of innerHTML when inserting plain text. Build markup with DOM APIs (createElement, appendChild) instead of document.write(). Enforce Trusted Types through your Content Security Policy so that the remaining sinks only accept sanitized values.

Related Security Checks

  • Headers: Content Security Policy (CSP)
  • Headers: Trusted Types readiness


© 2025-2026 SecScanner. All rights reserved.