The dangerouslySetInnerHTML and createRef Functions
Learn about security concerns when working with JavaScript libraries and frameworks like React.
Framework security
Using a trusted web application framework like React provides developers with many security best practices out of the box. However, XSS concerns can still arise when developers use frameworks insecurely. One of the most common ways a front-end framework or templating language can be used insecurely is by using provided escape hatches that directly manipulate the DOM.
Typically, React renders components and all data, including user-provided data, using auto-escaping.
Get hands-on with 1400+ tech skills courses.