About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

XSS CheatSheet for React- 225

Pragmatic Security Posted 5 Years Ago
  • Cross Site Scripting (XSS) is where either HTML or JavaScript can be added to the content of the page in order to change the look or code flow of the website. XSS can have very serious effects, including account takeover and the execution of arbitrary actions as the user of the XSS'ed page is running on.
  • The main way to defend against XSS is to encode and output HTML encode all untrusted input, such as turning < into &lt;. However, manually trying to escape all characters is difficult to do and, more often than not, can be bypassed.
  • In recent years, frontend frameworks, such as React and Angular, have started automatically escaping HTML in order to take the burden from the user. Because of this, XSS has taken a major turn, in terms of relevance, on these types of sites.
  • However, there are several cases that these frameworks cannot defend against. The article is just a cheatsheet for React XSS issues.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed