Posts

Showing posts with the label tutorial

XSS Security Handling with NextJS and DOMPurify

Introduction Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts, typically JavaScript, into web pages viewed by other users. When a user's browser executes this code, attackers can steal cookies and session tokens and alter the website's interface. The primary methods used to prevent XSS are: Validation: accepting only the desired data formats. This simple approach only addresses surface-level issues, so we focus on the methods below for better effectiveness. Sanitization: removing or disabling dangerous HTML tags and attributes such as <script>, onerror and onclick from user input before it is stored or displayed. Using framework automations: React and NextJS escape data in text strings automatically by default. When rendering HTML directly via dangerouslySetInnerHTML, using a library like DOMPurify is mandatory to ensure safety. Content Security Policy (CSP): configuring browser policies to restrict script execution s...

Guide to using NextJS Parallel and Intercepting Routes

Introduction In the previous article I covered some ways to use the NextJS App Router; now we will continue with two other features. Parallel Routes: as the name implies, this allows you to define many separate routes and put them together on one route for display. The clear advantage is that it helps to separate UI, isolate errors (if any), and makes functionality easy to maintain and extend. Note that if you use this feature and the main route also defines an additional page that is not a Parallel Route, then the Parallel Route should have an additional file to show default information, to avoid 404 errors when it is accessed directly (we will go into more detail in the detail section below). Intercepting Routes: allow "blocking" a route to display that content in another context (for example: a link will display a Modal, but when that page is reloaded, a separate page will open). Prerequisites This article continues from the previous articles, please ...