Software Development | Beginner | 1 to 2 hours

Patch a Cross-Site Scripting (XSS) Vulnerability

Fix a dangerous form that allows users to inject malicious scripts.

The Scenario

A user profile page allows users to enter a "Bio". Currently, if a user enters `<script>alert("Hacked")</script>`, the browser executes it when anyone views their profile, because the stored value is inserted into the page as HTML markup rather than rendered as text. This is a Stored XSS vulnerability: the payload is saved once and fires for every viewer.

The Brief

You are provided with a vulnerable React component and an Express endpoint. Show how to patch this vulnerability on both the frontend (rendering the bio as text so the browser receives it HTML-encoded) and the backend (validating and sanitizing the value before it is stored).

Deliverables

  • The corrected React component code
  • The corrected Express route code utilizing a sanitization library (like `dompurify` or `xss`). Note that `dompurify` needs a DOM, so on Node it is used through `jsdom` (or the `isomorphic-dompurify` wrapper); the `xss` package runs in Node directly.
  • A brief explanation of why relying only on frontend validation is insecure: the browser is under the attacker's control, so the React form can be skipped entirely and the request sent straight to the endpoint with `curl` or an intercepting proxy.

Submission Guidance

Remember that React automatically escapes strings by default: text children such as `{bio}` and attribute values are HTML-encoded before they reach the DOM. To make this vulnerable, the original code used `dangerouslySetInnerHTML`, which injects the raw string as markup and bypasses that encoding. Explain why that was a bad idea and how to fix it (render the bio as a text child). Also keep the two layers distinct: strip or allow-list markup on the server, and let React do the encoding at render time. If the server HTML-encodes as well, users will see `&lt;` and `&amp;` literally on the page.
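The following is an added, self-contained model of the fix; it is not the challenge's starter code. To run offline it uses no React, Express or npm packages: `renderBioVulnerable`/`renderBioSafe` stand in for the component before and after the change, `updateBio` is an Express-shaped handler that can be mounted as a route but is called here directly, `profiles` is a hypothetical in-memory store, and `sanitizeBio` is a stand-in for the library call (`xss(raw, { whiteList: {}, stripIgnoreTag: true })` or `DOMPurify.sanitize(raw, { ALLOWED_TAGS: [] })`) the real route would use. `fakeRes` and `simulateDirectRequest` exist only to model an attacker bypassing the form.

```javascript
// Added example, not the challenge's starter code: a self-contained model of
// the Bio fix that runs in plain Node with no React, Express or npm packages.
// The React component and the Express route are stand-in functions; the
// in-memory `profiles` Map is a hypothetical stand-in for the database.

// ---- Frontend: output encoding ---------------------------------------------
// This is the encoding React applies to `{bio}` and skips for
// dangerouslySetInnerHTML. Quotes are included so the same function is also
// safe inside quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: <div className="bio" dangerouslySetInnerHTML={{ __html: bio }} />
// The stored string is parsed as markup, so a <script> inside it runs.
function renderBioVulnerable(bio) {
  return `<div class="bio">${bio}</div>`;
}

// After: <div className="bio">{bio}</div>
// React HTML-encodes text children itself; this shows the markup it emits.
function renderBioSafe(bio) {
  return `<div class="bio">${escapeHtml(bio)}</div>`;
}

// ---- Backend: validate and sanitize before storing -------------------------
const MAX_BIO_LENGTH = 500;
const profiles = new Map(); // hypothetical store: userId -> sanitized bio

// Stand-in for the library call the real route would use, e.g.
//   xss(raw, { whiteList: {}, stripIgnoreTag: true })   // `xss` package
//   DOMPurify.sanitize(raw, { ALLOWED_TAGS: [] })        // dompurify + jsdom
// The bio is plain text, so all markup is stripped rather than allow-listed.
// Stripping (not HTML-encoding) here leaves the frontend as the single
// encoding step, so "&" is not displayed to users as "&amp;".
// Limitation shared with tag strippers: a "<" used in prose is lost; if that
// matters, reject bios containing "<" with a 400 instead.
function sanitizeBio(raw) {
  if (typeof raw !== 'string') throw new TypeError('bio must be a string');
  let text = raw.trim();
  if (text.length > MAX_BIO_LENGTH) throw new RangeError(`bio exceeds ${MAX_BIO_LENGTH} characters`);
  // Repeat until stable so split tags such as "<scr<script>ipt>" cannot
  // reassemble into a live tag after a single pass.
  let previous;
  do {
    previous = text;
    text = text.replace(/<[^<>]*>/g, '');
  } while (text !== previous);
  // Any bracket left over belonged to an unterminated tag; drop it too.
  return text.replace(/[<>]/g, '');
}

// Express-shaped handler, mountable as app.put('/profile/:id/bio', updateBio).
// It touches only req.params, req.body and res.status().json(), so it can be
// exercised here without Express.
function updateBio(req, res) {
  let clean;
  try {
    clean = sanitizeBio(req.body && req.body.bio);
  } catch (err) {
    return res.status(400).json({ error: err.message });
  }
  profiles.set(req.params.id, clean);
  return res.status(200).json({ bio: clean });
}

// Minimal stand-in for Express's res object.
function fakeRes() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Models an attacker skipping the React form and sending the request directly
// (what curl or an intercepting proxy would do). Client-side checks never run
// on this path, which is why the server must validate on its own.
function simulateDirectRequest(userId, bio) {
  const res = fakeRes();
  updateBio({ params: { id: userId }, body: { bio } }, res);
  return res;
}

if (typeof require !== 'undefined' && require.main === module) {
  const payload = '<script>alert("Hacked")</script>'; // constructed sample input
  console.log('vulnerable render   :', renderBioVulnerable(payload));
  console.log('safe render         :', renderBioSafe(payload));
  const res = simulateDirectRequest('alice', payload);
  console.log('route response      :', res.statusCode, res.body);
  console.log('stored then rendered:', renderBioSafe(profiles.get('alice')));
}
```

Run it with `node` to see the same payload rendered both ways, then stored through the route and rendered again. The design point is the division of labour: the server bounds and strips the value so nothing executable is ever persisted, and the component renders it as text so even a value that slipped past the server is encoded at the last moment.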

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.
