// Review frontend and UI changes for concrete security risks such as XSS, unsafe URL handling, token leakage, missing origin checks, and client-side authorization gaps. Use when users ask for a UI code review focused on safety and reliability.
Build and review UI components for robust accessibility and runtime resilience, including semantic structure, keyboard support, loading and error states, retry flows, and predictable async behavior.
Implement or refactor UI forms with defense-in-depth validation, safe input handling, reliable submission behavior, and privacy-aware error handling. Use when building login, registration, profile, payment, admin, or file-upload forms.
| name | ui-secure-review |
| description | Review frontend and UI changes for concrete security risks such as XSS, unsafe URL handling, token leakage, missing origin checks, and client-side authorization gaps. Use when users ask for a UI code review focused on safety and reliability. |
Use this skill when the user asks for a frontend review with a security-first lens.
dangerouslySetInnerHTML, v-html, innerHTML, outerHTML.eval, new Function, string-based timers.href, window.open, router redirects from untrusted params.target="_blank" missing rel="noopener noreferrer".postMessage without strict origin and source checks.Use these patterns as a first pass, then manually verify context.
rg -n "dangerouslySetInnerHTML|v-html|innerHTML|outerHTML|eval\(|new Function\(" frontend/src
rg -n "window\.open|postMessage|target=\"_blank\"|localStorage|sessionStorage" frontend/src
rg -n "token|authorization|auth|redirect|location\.href|router\.push" frontend/src