What are the security considerations for coding a website with interactive scripts but no backend?
I am developing a simple grammar study website with Bootstrap 5, JQuery and Javascript. It will have interactive grammar quizzes and flashcards. I would like users to be able to type in answers to grammar questions and upload their own vocabulary sets via CSV files. There will be no logins, no back-end and no data persistence: everything will run in the browser. No uploaded data will survive a refresh. I would like to ultimately host it as a static site with a cloud PaaS provider.
I figure server hardening (HTTPS, DDoS, headers, etc...) will be handled by the cloud host. I want to follow every security best practice and button-up every potential hole in the code, though. What are the actual risks with a semi-static site like this, particularly regarding user input?
Thank you!
