5.3.6 The application protects against JavaScript or JSON injection attacks

Verify that the application projects against JavaScript or JSON injection attacks, including for eval attacks, remote JavaScript includes, CSP bypasses, DOM XSS, and JavaScript expression evaluation. (C4)

Level 1 X
Level 2 X
Level 3 X
CWE NIST
830