[TOC] # Preventing XSS vulnerabilities in React # 阻止React中的XSS漏洞 In this recipe, we are going to learn about cross-site scripting (XSS) vulnerabilities （漏洞） in React. XSS attacks are widespread in web applications, and some developers are still not aware of this. XSS attacks are malicious scripts that are injected into the DOM of unprotected web applications. The risks can vary with each application. It could just be an innocent alert script injection or, worse, someone can get access to your cookies and steal your private credentials (passwords), for example. 在本文中，我們將了解 React 中的跨站點腳本（XSS）漏洞。 XSS 攻擊在 Web 應用程序中很普遍，一些開發人員仍然沒有意識到這一點。 XSS 攻擊是注入未受保護的 Web 應用程序的DOM 中的惡意腳本。每種應用的風險都會有所不同。它可能只是一個無辜的警報腳本注入，或者更糟糕的是，有人可以訪問您的 cookie 并竊取您的私人憑據（密碼），例如。 Let's create an XSS component to start playing around a little bit with some XSS attacks. We are going to have a response variable that is simulating a response from a real server, and we will simulate that we are using Redux's initial state (we are going to see Redux in *[Chapter 5](dafa4ab9-3353-4faf-8af0-f3739c6d5e78.xhtml), Mastering Redux*). 讓我們創建一個 XSS 組件，開始玩一些 XSS 攻擊。我們將有一個模擬來自真實服務器響應的響應變量，我們將模擬我們正在使用 Redux 的初始狀態（我們會看到Redux *[Chapter 5](dafa4ab9-3353-4faf-8af0-f3739c6d5e78.xhtml), Mastering Redux*）。