**Identifying JS files**

1. App relevant stuff  
   1. Lazy loaded JS  
   2. Vendor libraries  
2. Third party   
   1. Can pivot to XSS?  
   2. Steal relevant info?  
3. Tracking  
   1. window.location.href leak  
4. HTML \<script\> tags

**Analysis**

1. Beautification  
   1. pprettier      
      1. [https://github.com/microsoft/parallel-prettier](https://github.com/microsoft/parallel-prettier)   
   2. VSCode  
2. Identifying client-side paths  
   1. Hash changes  
3. Identifying server-side paths  
   1. API endpoints  
   2. HTTP Verbs  
4. Sources & Sinks  
   1. Sources  
      1. URLSearchParams  
      2. location.\* / Hash  
         1. location.assign  
         2. location.replace  
      3. window.open  
      4. Cookies  
      5. localStorage/sessionStorage  
   2. Sinks  
      1. location.href (always check CSP)  
      2. innerHTML  
      3. .html()  
      4. Unsafe templating  
      5. dangerouslySetInnerHTML  
      6. createElement (iframe, a, script, etc)  
5. ~~Dynamic analysis (devtools 101)~~  
6. JS Adjacents  
   1. Feature Flags  
   2. function isFeatureFlagEnabled(){...}  
   3. M&R (match and replace) rule:  
      1. Response Body  
      2. isFeatureFlagEnabled(){   
      3. isFeatureFlagEnabled(){return true;  
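
A static first pass over the Sources & Sinks list above, as an added example that is not part of the original notes: it scans beautified JavaScript line by line for the listed sources and sinks and picks out lines where both appear. The regexes, function names and sample snippet are constructed for illustration, and `location.assign`, `location.replace` and `window.open` are treated as navigation sinks here.

```javascript
// Added example: locate the sources and sinks from the list above in beautified JS.
// Regexes, names and the sample snippet are constructed for illustration.
const SOURCES = {
  "URLSearchParams": /\bURLSearchParams\b/,
  // Reads only: the lookahead skips assignments such as `location.href = x`.
  "location.*": /\blocation\.(hash|search|href|pathname)\b(?!\s*=[^=])/,
  "document.cookie": /\bdocument\.cookie\b(?!\s*=[^=])/,
  "web storage": /\b(localStorage|sessionStorage)\.getItem\s*\(/,
};
const SINKS = {
  "location.href assignment": /\blocation(\.href)?\s*=[^=]/,
  "location.assign/replace": /\blocation\.(assign|replace)\s*\(/,
  "window.open": /\bwindow\.open\s*\(/,
  "innerHTML": /\.(innerHTML|outerHTML)\s*\+?=[^=]/,
  ".html(arg)": /\.html\s*\(\s*[^)\s]/,
  "dangerouslySetInnerHTML": /\bdangerouslySetInnerHTML\b/,
  "createElement": /\bcreateElement\s*\(\s*["'`](iframe|a|script)["'`]/,
};

// Return one finding per matching pattern per line: { line, kind, name }.
function scan(code) {
  const findings = [];
  code.split("\n").forEach((text, i) => {
    for (const [kind, table] of [["source", SOURCES], ["sink", SINKS]]) {
      for (const [name, re] of Object.entries(table)) {
        if (re.test(text)) findings.push({ line: i + 1, kind, name });
      }
    }
  });
  return findings;
}

// Lines holding both a source and a sink are the first candidates for review.
function directFlows(code) {
  const kindsByLine = new Map();
  for (const { line, kind } of scan(code)) {
    if (!kindsByLine.has(line)) kindsByLine.set(line, new Set());
    kindsByLine.get(line).add(kind);
  }
  return [...kindsByLine].filter(([, kinds]) => kinds.size === 2).map(([line]) => line);
}

// Constructed sample standing in for a beautified application bundle.
const SAMPLE = [
  'const next = new URLSearchParams(location.search).get("next");',
  'document.getElementById("msg").innerHTML = location.hash.slice(1);',
  'location.href = next;',
  'const el = document.createElement("script");',
].join("\n");
console.table(scan(SAMPLE));
```

Line-level matching misses flows that pass through variables (such as `next` in the sample), so the per-line findings are a map for manual tracing, not a verdict.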

**Additional Topics**

1. Dynamic Wordlist Generation  
2. Long-term monitoring via regex & crontab