Have you ever heard “React.js handles security and XSS prevention for you”? Belief in this myth may be why client-side injection vulnerabilities are still in the top 3 of the OWASP Top Ten Web Vulnerabilities year after year. This talk will cover vulnerabilities that fester in common React.js patterns that may even go under the nose of a seasoned React developer.