The following table lists the OWASP Top Ten standard items SonarJS is able to detect, and for each of them, the rules providing this coverage.

| OWASP ID | OWASP Title | Implementing Rules |
|---|---|---|
| A3 | Cross-Site Scripting (XSS) | Eval Code should not be dynamically injected and executed<br>S2819 Cross-document messaging domains should be carefully restricted |
| A6 | Sensitive Data Exposure | S2228 Console logging should not be used<br>S3271 Local storage should not be used<br>S2817 Web SQL databases should not be used |
| A9 | Using Components with Known Vulnerabilities | S2817 Web SQL databases should not be used |