A report released by Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by the end of 2021. Cyberattacks are mounted against both large and small companies—so no matter what size company us developers are working at—how can we help to combat cybercrime? This talk aims to educate on cross-site scripting attacks, a vulnerability OWASP identifies as a “top 10” of web security risks. It then dives deeper into examples of XSS attempts in a React application. Attempts to inject a malicious script are demoed on a mock social site. In some of the attempts, the React API will automatically sanitize malicious content for us—in other attempts, there are no built-in protections.