[TOC] # Preventing XSS vulnerabilities in React # 阻止React中的XSS漏洞 In this recipe, we are going to learn about cross-site scripting (XSS) vulnerabilities （漏洞） in React. XSS attacks are widespread in web applications, and some developers are still not aware of this. XSS attacks are malicious scripts that are injected into the DOM of unprotected web applications. The risks can vary with each application. It could just be an innocent alert script injection or, worse, someone can get access to your cookies and steal your private credentials (passwords), for example. 在本文中，我们将了解 React 中的跨站点脚本（XSS）漏洞。 XSS 攻击在 Web 应用程序中很普遍，一些开发人员仍然没有意识到这一点。 XSS 攻击是注入未受保护的 Web 应用程序的DOM 中的恶意脚本。每种应用的风险都会有所不同。它可能只是一个无辜的警报脚本注入，或者更糟糕的是，有人可以访问您的 cookie 并窃取您的私人凭据（密码），例如。 Let's create an XSS component to start playing around a little bit with some XSS attacks. We are going to have a response variable that is simulating a response from a real server, and we will simulate that we are using Redux's initial state (we are going to see Redux in *[Chapter 5](dafa4ab9-3353-4faf-8af0-f3739c6d5e78.xhtml), Mastering Redux*). 让我们创建一个 XSS 组件，开始玩一些 XSS 攻击。我们将有一个模拟来自真实服务器响应的响应变量，我们将模拟我们正在使用 Redux 的初始状态（我们会看到Redux *[Chapter 5](dafa4ab9-3353-4faf-8af0-f3739c6d5e78.xhtml), Mastering Redux*）。