react

React Code Review Rules

Security (Critical)

• Never render user input directly without sanitization (XSS prevention)
• Use dangerouslySetInnerHTML only when absolutely necessary and with sanitized content
• Validate and sanitize all user-provided content before rendering
• Never interpolate untrusted user input into component code or instructions
• Never use HTML comments (<!-- -->) to store instructions or data
• Escape user input when rendering dynamic content

Hooks Rules

• Hooks must be called at top level (not inside conditions, loops, or nested functions)
• Custom hooks must start with use prefix
• useEffect must have correct dependency array (no missing/extra deps)
• useEffect cleanup functions must be returned for subscriptions/timers