- Never trust user input.
- Use proper encoding/escaping.
- Sanitize user input.
- Define a content security policy.
- Set secure cookies.
- Secure API keys on the client-side.
- Encrypt data transmitted between the client and the server.
- Call things by their name — easy, short and readable variable and function names.
- Avoid globals.
- Stick to a strict coding style.
- Comment as much as needed but not more.
- Avoid mixing with other technologies.
- Use shortcut notation when it makes sense.
- Modularize — one function per task.
- Avoid creating a new object with new Object(); use an object literal instead. …
- Same thing for arrays: favor [] over new Array().
- Avoid blocks except where statements require them (if, switch, loops, try).
- Never assign inside the condition of an if or while statement.
- Never use == and !=.
Good question with a simple answer: you can’t!
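The encoding, secure-cookie and content-security-policy items in the list above, as an added example that is not part of the original page: three small pure functions that produce an HTML-escaped string, a Set-Cookie header value with the Secure/HttpOnly/SameSite flags, and a restrictive CSP header value. The function names, the directive set and the sample input are this example's own choices, not something the list prescribes.

```javascript
// Added example, not code from the original page: output encoding for
// untrusted text plus the header values the checklist calls for.

// Characters that change meaning inside HTML text nodes and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted input before placing it in an HTML text node or a
// double-quoted attribute value. Never trust the input; always encode it.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build a Set-Cookie value for a session cookie: Secure keeps it off plain
// HTTP, HttpOnly keeps it out of document.cookie, SameSite=Strict keeps it
// out of cross-site requests. Rejects names that would break the header.
function secureCookie(name, value, maxAgeSeconds) {
  if (!/^[\w-]+$/.test(name)) throw new Error('invalid cookie name');
  return [
    `${name}=${encodeURIComponent(value)}`,
    'Secure',
    'HttpOnly',
    'SameSite=Strict',
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
  ].join('; ');
}

// A restrictive Content-Security-Policy: same-origin resources only, no
// inline or remote script, no plugin embeds, every fetch upgraded to HTTPS.
// reportUri is optional and, when given, assumed to be a same-origin path.
function contentSecurityPolicy(reportUri) {
  const directives = [
    "default-src 'self'",
    "script-src 'self'",
    "object-src 'none'",
    "base-uri 'self'",
    'upgrade-insecure-requests',
  ];
  if (reportUri) directives.push(`report-uri ${reportUri}`);
  return directives.join('; ');
}

// Demo on a constructed untrusted string that uses every special character.
const untrustedName = '<b>"Tom" & \'Jerry\'</b>';
console.log(escapeHtml(untrustedName));
console.log(secureCookie('session', 'abc 123', 3600));
console.log(contentSecurityPolicy('/csp-report'));
```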