Cross-site scripting (XSS) remains a significant risk in component-based web frameworks. In React, dynamic rendering patterns such as JSX spreads and hooks frustrate traditional defences, making it hard to reconcile security with performance. We introduce a hybrid static/runtime analysis that couples context-sensitive taint propagation with targeted runtime enforcement to prevent XSS in React applications. The static phase constructs a taint-flow graph for JSX and hook patterns and uses it to guide selective instrumentation of the virtual DOM. At runtime, lightweight proxies and Fiber-level hooks sanitise only those updates deemed risky, while delta instrumentation confines re-analysis to the parts of the component tree affected by a change. Evaluations on twelve open-source projects show that this approach achieves higher detection coverage than purely static analyzers and incurs far lower overhead than full dynamic tracking. By bridging the gap between accuracy and practicality, our framework offers a deployable means of protecting user data in privacy-sensitive React applications from XSS and related injection attacks.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Hybrid Taint Analysis for React: Automated XSS Prevention

  • Vaishnavi Gudur,
  • Advait Patel

摘要

Cross-site scripting (XSS) remains a significant risk in component-based web frameworks. In React, dynamic rendering patterns such as JSX spreads and hooks frustrate traditional defences, making it hard to reconcile security with performance. We introduce a hybrid static/runtime analysis that couples context-sensitive taint propagation with targeted runtime enforcement to prevent XSS in React applications. The static phase constructs a taint-flow graph for JSX and hook patterns and uses it to guide selective instrumentation of the virtual DOM. At runtime, lightweight proxies and Fiber-level hooks sanitise only those updates deemed risky, while delta instrumentation confines re-analysis to the parts of the component tree affected by a change. Evaluations on twelve open-source projects show that this approach achieves higher detection coverage than purely static analyzers and incurs far lower overhead than full dynamic tracking. By bridging the gap between accuracy and practicality, our framework offers a deployable means of protecting user data in privacy-sensitive React applications from XSS and related injection attacks.