Basic Method To Solve
To the two issues we talked above, we do have methods to solve or avoid them.
The solution to the other problem is more complicated and tricky. Each companies in the industry has different solutions, but most of them share the same concept. The basis of the concept is that every function would be hide into a module as a property of the module object, which only can be called by a controller, while the controller would be started on document.ready, monitoring and responding to page events, but not possible to be called from outside. Therefore, the only way to call the method is to have the correct event on the page, then the controller which is listening to the certain event is calling the method inside of the corresponding module. This won’t eliminate all the vulnerabilities but it will improves security by a lot. Be sure to talk to the architect for the solutions your system should be using.