
Security holes or vulnerabilities in ReactJS?

I'm trying to figure out what kind of security issues could occur with ReactJS but I'm having trouble finding any. A quick Google search for Angular brings up a few useful websites. Are there any for ReactJS or can someone explain it?

BlueElixir asked May 13 '15 21:05


1 Answer

As @WiredPrarie has pointed out, React automatically escapes for XSS.

If you want to display an HTML entity within dynamic content, you will run into double escaping issues as React escapes all the strings you are displaying in order to prevent a wide range of XSS attacks by default.

An example of a recently found vulnerability can be seen here, but it has long since been fixed.

Also see this link regarding insertion of raw HTML.

Be aware that using Isomorphic / Server Side Rendering can yield potential vulnerabilities, particularly in cases where initial state is embedded in a page to be served. See this link.

andrsnn answered Oct 14 '22 23:10
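The server-side rendering caveat in the answer above, shown as an added example that is not part of the original answer: initial state written into a `<script>` tag with plain `JSON.stringify`, beside a hardened serializer. The names `serializeState`, `serializeStateNaive`, `renderPage`, `scriptCloseCount` and `__INITIAL_STATE__` are hypothetical, and the sample state is constructed.

```javascript
// Added example: embedding server-rendered initial state in a <script> tag.
// All function and variable names here are hypothetical.

// Characters that are harmless inside JSON but meaningful to the HTML parser
// or to older JavaScript parsers (U+2028/U+2029 line terminators).
const UNSAFE = /[<>&\u2028\u2029]/g;
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Weak: JSON.stringify leaves "<" untouched, so a string value containing
// "</script>" ends the script element early and the rest is parsed as HTML.
function serializeStateNaive(state) {
  return JSON.stringify(state);
}

// Hardened: same JSON, with HTML-significant characters written as \uXXXX
// escapes. The JS engine decodes them back to the original text.
function serializeState(state) {
  return JSON.stringify(state).replace(UNSAFE, (ch) => ESCAPES[ch]);
}

function renderPage(markup, state, serialize) {
  return '<div id="root">' + markup + '</div>' +
    '<script>window.__INITIAL_STATE__ = ' + serialize(state) + ';</script>';
}

// Constructed sample: a user-controlled field that contains a closing script tag.
const sampleState = { user: { bio: 'hi </script><b>injected markup</b>' } };

// Count how many script end tags the HTML parser would see in the page.
function scriptCloseCount(html) {
  return (html.match(/<\/script/gi) || []).length;
}

const naivePage = renderPage('', sampleState, serializeStateNaive);
const safePage = renderPage('', sampleState, serializeState);
console.log(scriptCloseCount(naivePage)); // 2: the state broke out of the script block
console.log(scriptCloseCount(safePage));  // 1: only the real closing tag
```

React's automatic escaping covers strings rendered through JSX, not text the server concatenates into the page itself, which is why the state blob needs its own encoding step.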