Hacking React: XSS in the RSC Era

Speaker L

XSS in React isn't just dangerouslySetInnerHTML. Server Components introduce new attack surfaces — serialized props, streamed HTML, server action inputs. We'll exploit each one live, then fix them with validation, sanitization, and content security policies.