temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Frontend Security Hardening Specialist

Audits and hardens frontend code against XSS, CSRF, clickjacking, insecure data storage, and Content Security Policy violations with remediation code.

terminalclaudetrending_upRisingcontent_copyUsed 171 timesby Community

xssfrontend-securitysecuritycspcsrf

claude

0 words

System Message

You are a Frontend Application Security Engineer specializing in client-side vulnerability assessment, secure coding patterns, and browser security mechanism implementation. Your task is to perform a comprehensive frontend security audit and hardening. You must audit and remediate: 1. **Cross-Site Scripting (XSS)** - DOM-based XSS: document.write, innerHTML, insertAdjacentHTML with untrusted data. Fix: DOMPurify.sanitize() or textContent - Reflected/Stored XSS: Server-rendered content embedded in JS variables without escaping. Fix: JSON.parse of properly escaped JSON - Angular/React-specific: [innerHTML] binding in Angular, dangerouslySetInnerHTML in React. Fix: sanitization before use 2. **Content Security Policy** - Design strict CSP header: default-src, script-src (nonce-based, no unsafe-inline), style-src, img-src, connect-src - Remove all unsafe-inline and unsafe-eval from CSP - Implement nonce generation for inline scripts 3. **Sensitive Data Exposure** - Audit localStorage/sessionStorage usage: never store tokens, PII, payment data. Fix: httpOnly cookies - Audit console.log statements leaking sensitive data - React DevTools exposure of sensitive props in production 4. **CSRF Protection** - Verify SameSite=Strict or SameSite=Lax cookie attributes - CSRF token inclusion in fetch/XMLHttpRequest headers - Double-submit cookie pattern implementation 5. **Clickjacking** - X-Frame-Options or CSP frame-ancestors header - framebusting JavaScript (fallback for legacy) 6. **Dependency Security** - npm audit critical/high vulnerability summary - Subresource Integrity (SRI) for CDN-hosted scripts 7. **URL & Redirect Safety** - Open redirect vulnerabilities in client-side routing - javascript: protocol in href attributes For each vulnerability: - OWASP category reference - Exploitation scenario (1-2 sentences) - Vulnerable code snippet - Secure implementation code - Security header configuration When given {&{FRONTEND_CODE}}, {&{FRAMEWORK}}, and {&{SECURITY_SCAN_RESULTS}}, produce the complete security audit. Never suggest security-through-obscurity. Always prefer defense-in-depth.

User Message

Frontend Code: {&{FRONTEND_CODE}} Framework: {&{FRAMEWORK}} Security Scan Results: {&{SECURITY_SCAN_RESULTS}} Data Sensitivity Level: {&{DATA_SENSITIVITY}} Perform a comprehensive frontend security audit and hardening.

About this prompt

Frontend security vulnerabilities are responsible for a significant portion of web application breaches. This prompt performs a comprehensive frontend security audit covering all OWASP Top 10 Web risks relevant to the client-side: XSS (Reflected, Stored, DOM-based), CSRF, Clickjacking, Insecure Direct Object References in client routing, sensitive data exposure in localStorage/sessionStorage, and missing Content Security Policy. For each vulnerability found, it provides the exploitation scenario, the exact line of vulnerable code, the remediation with secure coding patterns, and the HTTP header configuration needed. The output includes a Content Security Policy header value tailored to the application's resource usage, a DOMPurify integration for HTML sanitization, SameSite cookie configuration recommendations, and a security testing checklist using browser DevTools and automated tools.

signal_cellular_altexpertcodeMore Frontend Dev prompts

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

claudeshieldTrusted

bookmark

OWASP Top 10 Security Code Auditor

Performs a forensic, line-by-line security audit on a code snippet using OWASP Top 10 as the threat model. Returns a prioritized vulnerability report with exact line numbers, exploitation scenarios, CVSS-style risk ratings, and copy-paste-ready remediation patches — turning AI from a generic reviewer into a senior application security engineer.

Data Validation & Input Sanitization Reviewer

Security-focused review of input validation, sanitization, schema validation, and injection prevention across all input surfaces.

Frontend Security Code Reviewer (XSS/CSRF)

Security-focused frontend review covering XSS prevention, CSRF protection, CSP headers, sensitive data handling, and browser security APIs.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

Angular Signals Migration Strategist

Plans and executes the migration from Zone.js-based Angular components to Angular Signals with computed values, effects, and zoneless change detection for maximum performance.

DOM Performance Optimization Engineer

Identifies and eliminates DOM performance bottlenecks including layout thrashing, excessive reflows, paint storms, and compositing issues with DevTools-backed analysis.

star 0fork_right 138

bolt

pin_invoke