Community Favorite
profile photo of Vasilii ErmilovVasilii Ermilov
Download Count*

React security best practices

Run Locally


Rules (14)

profile photo of returntocorpreturntocorp

This HTML element '$EL' and attribute '$ATTR' together may load an external resource. This means that if dynamic content can enter this attribute it may be possible for an attacker to send HTTP requests to unintended locations which may leak data about your users. If this element is reaching out to a known host, consider hardcoding the host (or loading from a configuration) and appending the dynamic path. See for more information.