As one of the most popular JavaScript libraries, React has become an industry standard for developing single-page and mobile applications, and personally, the programming library that I love the…

Swiss Dev

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

React's JSX does a great job at escaping potentially dangerous strings by default. Cross-Site Scripting (XSS) is one of the most common security threats in any web application. Insecure Direct Object References (IDOR) is a type of vulnerability in a web application that allows an attacker to bypass authorization.

5 most famous React security threats and how to solve them ⛑️

The most common: Cross-Site Scripting (XSS) Attacks

The sneaky Insecure Direct Object References (IDOR)

I really think this article kind of doesn’t apply.
#1, sure but… the name implies it’s dangerous, and it would literally be easier for a newbie to do {text} than to set it dangerously.
#2-4 I mean? I haven’t done them and it’s my first month with react
#5 this one is really the only one that I can see happen. I’ve seen it happen with corporations, I’ve seen it happen on other sites of mine, and on my most recent project i’ve done it aswell!

Sorry , but I was not able to understand the last 2 vulnerabilities . Like : How can any attacker pass an react component as a prop to another component, for that it should have access to our source code as when we built our application for production , the react codes get’s converted into normal vanilla JS !
I will be happy if someone can prove me wrong 🙂