45. Web Security Foundations
Protecting Your Users
Frontend code executes in a fundamentally hostile environment: the user's browser. If your application handles user accounts or e-commerce transactions, understanding security vulnerabilities is not optional. You must assume that any data coming from the user is potentially malicious.
Cross-Site Scripting (XSS)
XSS is the most common frontend attack. It occurs when a hacker manages to inject malicious JavaScript into your site, which then executes in the browsers of innocent users. For example, if you allow users to leave comments, a hacker might submit: <script>stealCookies()</script>.
React protects against this by default: string values rendered through JSX are automatically "escaped", meaning characters such as < and > are converted to plain text rather than interpreted as markup, so the script tag above is displayed as literal text instead of being executed. However, if you explicitly tell React to render raw HTML (using dangerouslySetInnerHTML), you bypass this protection, and whatever markup the string contains is inserted into the page exactly as written.
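The two rendering paths just described, modelled in plain JavaScript as an added example (this is not React's own code; escapeHtml applies the same five character replacements React performs on string children, and renderCommentRaw stands in for dangerouslySetInnerHTML):

```javascript
// Added example, not React's implementation: a minimal model of escaped vs.
// raw rendering of a user-supplied comment.

// The five replacements React applies when it escapes text for the browser.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(text) {
  // Replace each special character so the browser treats it as literal text.
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Default React behaviour: <li>{comment}</li> escapes the string child.
function renderCommentEscaped(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// dangerouslySetInnerHTML={{ __html: comment }}: markup is inserted verbatim.
function renderCommentRaw(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Defensive check a test or linter could run over rendered markup:
// does it still contain an executable <script> element?
function containsScriptTag(markup) {
  return /<script\b/i.test(markup);
}

// Constructed sample input, using the hostile comment from the text above.
const hostileComment = '<script>stealCookies()</script>';

console.log('escaped:', renderCommentEscaped(hostileComment));
// escaped: <li class="comment">&lt;script&gt;stealCookies()&lt;/script&gt;</li>
console.log('raw:    ', renderCommentRaw(hostileComment));
// raw:     <li class="comment"><script>stealCookies()</script></li>
```

The escaped version reaches the browser as visible text, while the raw version hands the browser a real script element.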