React Security
Never use dangerouslySetInnerHTML with user input — it enables XSS attacks. Store auth tokens in httpOnly cookies, not localStorage. Run npm audit regularly and keep all dependencies updated for security patches.
React Security Best Practices
- Never set dangerouslySetInnerHTML with user input (XSS)
- Sanitize user input: use DOMPurify
- Store tokens in httpOnly cookies, not localStorage
- Validate on the server — never trust client-side validation alone
- Use HTTPS in production
- Keep dependencies updated: npm audit
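To show why the first two rules belong together, here is an added example (not code from this page or from React itself): a hypothetical, simplified model of how React serializes text children versus the dangerouslySetInnerHTML opt-out, run over a constructed untrusted string.

```javascript
// Added example, not from the original page: a toy model of React's
// element serialization, showing why `{text}` children are safe by default
// and why dangerouslySetInnerHTML is not. The input below is constructed.

// The same five characters React escapes in text and attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical, simplified stand-ins for React.createElement / renderToString.
function h(tag, props = {}, ...children) {
  return { tag, props, children };
}

function renderToString(node) {
  if (typeof node !== 'object') return escapeHtml(node); // text child: escaped
  const { tag, props, children } = node;
  let attrs = '';
  for (const [key, val] of Object.entries(props)) {
    if (key === 'dangerouslySetInnerHTML') continue;
    attrs += ` ${key === 'className' ? 'class' : key}="${escapeHtml(val)}"`;
  }
  // The opt-out: __html is copied verbatim, with no escaping at all.
  const inner = props.dangerouslySetInnerHTML
    ? props.dangerouslySetInnerHTML.__html
    : children.map(renderToString).join('');
  return `<${tag}${attrs}>${inner}</${tag}>`;
}

// Constructed untrusted input, e.g. a profile bio submitted by a user.
// An event-handler attribute such as onerror fires as soon as the browser
// parses it from markup, which is what turns the raw path into XSS.
const UNTRUSTED_BIO = '<img src=x onerror="alert(1)">hello';

// Safe by default: the markup is displayed as text, never parsed as HTML.
function renderBioAsText(bio) {
  return renderToString(h('div', { className: 'bio' }, bio));
}

// The pattern the page warns about. Only the output of DOMPurify.sanitize(bio)
// should ever be passed as __html, never the raw string.
function renderBioAsHtml(bio) {
  return renderToString(h('div', { className: 'bio', dangerouslySetInnerHTML: { __html: bio } }));
}

// Detection helper: true when the rendered output still contains live markup.
function containsLiveMarkup(html) {
  return /<img\b[^>]*onerror/i.test(html);
}
```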