react

Community Favorite
profile photo of Vasilii ErmilovVasilii Ermilov
Author
5,889
Download Count*

React security best practices

Run Locally

Tags

Rules (14)

profile photo of returntocorpreturntocorp

This HTML element '$EL' and attribute '$ATTR' together may load an external resource. This means that if dynamic content can enter this attribute it may be possible for an attacker to send HTTP requests to unintended locations which may leak data about your users. If this element is reaching out to a known host, consider hardcoding the host (or loading from a configuration) and appending the dynamic path. See https://github.com/cure53/HTTPLeaks for more information.