Software Development · Beginner · 1 to 2 hours

Patch a Cross-Site Scripting (XSS) Vulnerability

Fix a dangerous form that allows users to inject malicious scripts.

The Scenario

A user profile page allows users to enter a "Bio". Currently, if a user enters `<script>alert("Hacked")</script>`, the browser executes it when anyone views their profile. This is a Stored XSS vulnerability.

The Brief

You are provided with a vulnerable React component and an Express endpoint. Show how to patch this vulnerability on both the frontend (escaping HTML) and the backend (sanitizing input).

Deliverables

  • The corrected React component code
  • The corrected Express route code using a sanitization library (such as `dompurify` or `xss`)
  • A brief explanation of why relying only on frontend validation is insecure

Submission Guidance

Remember that React automatically escapes strings by default. To make this vulnerable, the original code used `dangerouslySetInnerHTML`. Explain why that was a bad idea and how to fix it.
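To make the two halves of the fix concrete, here is an added example (not the challenge's starter code) that models the bio flow as plain functions: the 'before' renderer that behaves like `dangerouslySetInnerHTML`, the 'after' renderer that escapes like React's default string rendering, and a server-side sanitizer in the spirit of the Express route. The strip-tags sanitizer is a stand-in for a library such as `xss` or DOMPurify, and it assumes bios are plain text; output escaping remains the safety net.

```javascript
// Escape the characters that let text break out of an HTML text node or
// attribute value. React does this for ordinary string children.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// The 'before': the stored bio is interpolated as raw markup, which is what
// dangerouslySetInnerHTML does, so a <script> in the bio becomes live HTML.
function renderBioVulnerable(storedBio) {
  return `<p class="bio">${storedBio}</p>`;
}

// The 'after': the bio is rendered as text; any markup is displayed, not run.
function renderBioFixed(storedBio) {
  return `<p class="bio">${escapeHtml(storedBio)}</p>`;
}

// Server-side sanitization, as the Express route would do before storing.
// Runs on the server, so it also covers clients that bypass the React form
// and POST straight to the API, which is why frontend-only validation fails.
// Tags are stripped until the string stops changing, so split or nested tags
// such as "<scr<script>ipt>" cannot reassemble into a tag after one pass.
// Assumption: bios are plain text; a real route would use xss/DOMPurify.
const MAX_BIO_LENGTH = 500;
function sanitizeBioInput(raw) {
  if (typeof raw !== 'string') return { ok: false, error: 'bio must be a string' };
  let bio = raw;
  let previous;
  do {
    previous = bio;
    bio = bio.replace(/<[^>]*>/g, '');
  } while (bio !== previous);
  bio = bio.trim();
  if (bio.length > MAX_BIO_LENGTH) return { ok: false, error: 'bio too long' };
  return { ok: true, bio };
}

// Detection-style check used to compare the two renderers: does the fragment
// still contain an executable script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Run both renderers on the payload from the scenario to see the difference: the vulnerable one emits a live `<script>` element, the fixed one emits `&lt;script&gt;` text.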

Submit Your Work

Your submission is graded against the rubric on the right. If you pass, you get a public Badge URL you can share on LinkedIn. There is no draft save, so work offline first and paste your finished response here.
