← Back to list
react-security
by HoangNguyen0403
A collection of Agent Skills Standard and Best Practice for Programming Languages, Frameworks that help our AI Agent follow best practies on frameworks and programming laguages
⭐ 111🍴 40📅 Jan 23, 2026
Run in ManusSKILL.md
name: React Security description: Security practices for React (XSS, Auth, Dependencies). metadata: labels: [react, security, xss, auth] triggers: files: ['/*.tsx', '/*.jsx'] keywords: [dangerouslySetInnerHTML, token, auth, xss]
React Security
Priority: P0 (CRITICAL)
Preventing vulnerabilities in client-side apps.
Implementation Guidelines
- XSS: Avoid
dangerouslySetInnerHTML. Sanitize viaDOMPurifyif needed. - URLs: Validate
javascript:protocols in user links. - Auth: Store tokens in
HttpOnlycookies. AvoidlocalStorage. - Deps: Run
npm audit. Pin versions. - Secrets: Server-side only. No
.envsecrets in build. - CSP: Strict Content-Security-Policy headers.
Anti-Patterns
- No
eval(): RCE risk. - No Serialized State: Don't inject JSON into DOM without escaping.
- No Client Logic for Permissions: Backend must validate.
Code
import DOMPurify from 'dompurify';
// Safe HTML Injection
function SafeHtml({ content }) {
const clean = DOMPurify.sanitize(content);
return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}
// Bad Link Prevention
const safeUrl = url.startsWith('javascript:') ? '#' : url;
<a href={safeUrl}>Link</a>;
Related Topics
common/security-standards | typescript/security | component-patterns
Score
Total Score
85/100
Based on repository quality metrics
✓SKILL.md
SKILL.mdファイルが含まれている
+20
✓LICENSE
ライセンスが設定されている
+10
✓説明文
100文字以上の説明がある
+10
✓人気
GitHub Stars 100以上
+5
✓最近の活動
1ヶ月以内に更新
+10
✓フォーク
10回以上フォークされている
+5
✓Issue管理
オープンIssueが50未満
+5
✓言語
プログラミング言語が設定されている
+5
✓タグ
1つ以上のタグが設定されている
+5
Reviews
💬
Reviews coming soon
