frontend
By Zahid

XSS (Cross-Site Scripting)

Cross-site scripting (XSS) is a web vulnerability where attackers inject malicious client-side scripts (usually JavaScript) into trusted websites.

XSS can be prevented by escaping user input and avoiding direct HTML injection.

Prevention:

  • React JSX auto-escapes content.

  • Avoid dangerouslySetInnerHTML.

  • Sanitize and validate input.

  • Use a Content Security Policy (CSP).
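
The prevention points above, as an added example that is not part of the original post: direct HTML injection beside its escaped form, scheme validation for links, and a CSP header value. All function names and the sample input are hypothetical and constructed for illustration; escapeHtml mirrors the effect of React's JSX escaping, it is not React's own code.

```javascript
// Added example; function names are hypothetical, not from React or Next.js.

// Escape the five characters that matter in HTML text and quoted attributes.
// React has the same effect on any string rendered in JSX as {value}.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: user input concatenated into markup, which is what
// dangerouslySetInnerHTML or element.innerHTML does with unsanitized data.
function renderCommentUnsafe(comment) {
  return `<p class="comment">${comment}</p>`;
}

// Hardened: input is escaped, so the browser treats it as text.
function renderCommentSafe(comment) {
  return `<p class="comment">${escapeHtml(comment)}</p>`;
}

// Validation: escaping does not cover URL attributes, so allow-list schemes.
function isSafeLink(href) {
  try {
    const url = new URL(href, "https://example.invalid/");
    return url.protocol === "http:" || url.protocol === "https:";
  } catch {
    return false;
  }
}

// CSP as a second layer: build the header value from a policy object.
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(" ")}`)
    .join("; ");
}

const CSP_HEADER = buildCsp({
  "default-src": ["'self'"],
  "script-src": ["'self'"], // no 'unsafe-inline': injected inline scripts are blocked
  "object-src": ["'none'"],
  "base-uri": ["'self'"],
});

// Constructed sample input.
const SAMPLE = '<img src=x onerror="alert(1)">';
console.log(renderCommentUnsafe(SAMPLE), "\n" + renderCommentSafe(SAMPLE));
console.log(isSafeLink("javascript:alert(1)"), isSafeLink("/profile"));
console.log("Content-Security-Policy:", CSP_HEADER);
```

Send CSP_HEADER as the Content-Security-Policy response header; in React, prefer rendering the comment as {comment} so no manual escaping is needed.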

#reactjs #nextjs