Hybrid Taint Analysis for React: Automated XSS Prevention
摘要
Cross-site scripting (XSS) remains a significant risk in component-based web frameworks. In React, dynamic rendering patterns such as JSX spreads and hooks frustrate traditional defences, making it hard to reconcile security with performance. We introduce a hybrid static/runtime analysis that couples context-sensitive taint propagation with targeted runtime enforcement to prevent XSS in React applications. The static phase constructs a taint-flow graph for JSX and hook patterns and uses it to guide selective instrumentation of the virtual DOM. At runtime, lightweight proxies and Fiber-level hooks sanitise only those updates deemed risky, while delta instrumentation confines re-analysis to the parts of the component tree affected by a change. Evaluations on twelve open-source projects show that this approach achieves higher detection coverage than purely static analyzers and incurs far lower overhead than full dynamic tracking. By bridging the gap between accuracy and practicality, our framework offers a deployable means of protecting user data in privacy-sensitive React applications from XSS and related injection attacks.