react-security

Installation
SKILL.md

React Security

Priority: P0 (CRITICAL)

Prevent XSS Attacks

  • Never use dangerouslySetInnerHTML without sanitization. Use DOMPurify.sanitize(input) for all user-provided HTML.
  • Avoid javascript: protocols in href or src.

See implementation examples for DOMPurify sanitization and secure cookie configuration.

Secure Authentication

  • Store JWT/Sessions in HttpOnly and Secure cookies to prevent theft via XSS. Never store secrets in localStorage or in built JS bundle.
  • Data Flow: Escape all serialized state if injecting into HTML (e.g., in SSR). Use Content Security Policy (CSP) to restrict script sources and prevent inline execution.

Harden Application Boundaries

Installs
1
GitHub Stars
521
First Seen
3 days ago
react-security — hoangnguyen0403/agent-skills-standard