Menu
I'm trying to figure out what kind of security issues could occur with ReactJS but I'm having trouble finding any. A quick Google search for Angular brings a few useful websites. Are they any for ReactJS or can someone explain it?
884
As @WiredPrarie has pointed out React automatically escapes for XSS.
If you want to display an HTML entity within dynamic content, you will run into double escaping issues as React escapes all the strings you are displaying in order to prevent a wide range of XSS attacks by default.
An example of a found recent vulnerability can be seen here, but has long since been fixed.
Also see this link regarding insertion of raw html.
Be aware that using Isomorphic / Server Side Rendering can yield potential vulnerabilities, particularly in cases where initial state is embedded in a page to be served. See this link.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
