Six security vulnerabilities from a year of HackerOne

Fun fact: dangerouslySetInnerHtml was almost going to be called insertXssVulnerabilityHere.<p>I wonder if vulnerability #2 from the post would still have happened if the name was that blatant.

That one about _blank hrefs - Good one! Thank you.