The Most Common XSS Vulnerability in React.js Applications
Emelia Smith
90514

A better way is to do this:

JSON.stringify(preloadedState).replace(/\//g, '\\/')

For more info see
https://github.com/halt-hammerzeit/react-isomorphic-render/issues/27#issuecomment-267110105

If you just replace those HTML-characters with unicode symbols, as your blog post suggests, then the data may end up corrupted (what if some kind of ID inside store data has a slash? it would render this ID invalid)

Show your support

Clapping shows how much you appreciated НИЧОСИ!’s story.