Code Room
Code review · Hard · cr-g401
Subject: XSS · Level: Senior–Staff · ~22 min · Common in Security interviews · Industries: Software development

Question

Review this React TypeScript markdown renderer.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (tsx)

```tsx
import DOMPurify from 'dompurify';

// mdToHtml is assumed to be a markdown-to-HTML converter defined elsewhere (not shown).
function Note({ markdown }: { markdown: string }) {
  const html = mdToHtml(markdown);
  const clean = DOMPurify.sanitize(html, { ADD_ATTR: ['onclick'] });
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}
```
Run or narrate your approach, then ask the coach.
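Added example for this exercise, not code from the page or from DOMPurify: a small reviewer's lint over a DOMPurify config object, of the kind you might run in a pre-commit hook or quote in a review comment. The option names it inspects (ADD_ATTR, ADD_TAGS, ALLOW_UNKNOWN_PROTOCOLS, USE_PROFILES) are real DOMPurify options; the tag and attribute lists, the severity ranking and the `hardenedConfig` replacement are this reviewer's own choices, not DOMPurify's internal defaults.

```javascript
// Added example (not from the page): lint a DOMPurify config for options that
// widen the sanitizer's allow-list and reopen XSS sinks.

const EVENT_HANDLER_ATTR = /^on[a-z]+$/i;                               // onclick, onerror, onload, ...
const RISKY_ATTRS = new Set(['srcdoc', 'formaction', 'xlink:href']);   // reviewer's list, not DOMPurify's
const RISKY_TAGS = new Set(['script', 'iframe', 'object', 'embed', 'base']);

// Returns findings sorted highest severity first, or [] when the config only
// narrows the sanitizer (or leaves the defaults alone).
function lintPurifyConfig(config = {}) {
  const findings = [];

  for (const raw of config.ADD_ATTR ?? []) {
    const attr = String(raw).toLowerCase();
    if (EVENT_HANDLER_ATTR.test(attr)) {
      findings.push({ severity: 'high', option: 'ADD_ATTR', value: raw,
        reason: 'event handler attributes run attacker-supplied JavaScript when the event fires' });
    } else if (RISKY_ATTRS.has(attr)) {
      findings.push({ severity: 'medium', option: 'ADD_ATTR', value: raw,
        reason: 'attribute can carry markup or a URL that the default config would strip' });
    }
  }

  for (const raw of config.ADD_TAGS ?? []) {
    if (RISKY_TAGS.has(String(raw).toLowerCase())) {
      findings.push({ severity: 'high', option: 'ADD_TAGS', value: raw,
        reason: 'tag can load or execute code, or change the document base' });
    }
  }

  if (config.ALLOW_UNKNOWN_PROTOCOLS === true) {
    findings.push({ severity: 'medium', option: 'ALLOW_UNKNOWN_PROTOCOLS', value: 'true',
      reason: 'href/src may use URL schemes outside the safe allow-list' });
  }

  const rank = { high: 0, medium: 1 };
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity]); // Array.sort is stable
}

// The config from the snippet under review, and a hardened replacement that
// keeps DOMPurify's default HTML profile and adds nothing to it.
const reviewedConfig = { ADD_ATTR: ['onclick'] };
const hardenedConfig = { USE_PROFILES: { html: true } };

// One-line verdict a reviewer can paste into a comment.
function verdict(config) {
  const f = lintPurifyConfig(config);
  return f.length === 0
    ? 'OK: config does not widen the sanitizer allow-list'
    : `BLOCK: ${f.length} finding(s), worst is ${f[0].severity} (${f[0].option}=${f[0].value})`;
}

console.log(verdict(reviewedConfig));
console.log(verdict(hardenedConfig));
```

The lint targets the root cause rather than the symptom: the problem is not `dangerouslySetInnerHTML` by itself but a sanitizer config that re-admits inline event handlers, so the fix is to drop `ADD_ATTR` and let the default profile stand. Interactive behaviour should be wired up with React handlers on elements you render yourself, never with attributes carried inside user-supplied markup.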