React Cookbook

There's more...

Here are some security recommendations:

  • Always sanitize user content that comes from forms.
  • Always use serialize instead of JSON.stringify.
  • Use dangerouslySetInnerHTML only when absolutely necessary.
  • Write unit tests for your components, and try to cover all the possible XSS attacks (unit tests are covered in Chapter 12, Testing and Debugging).
  • Always encrypt passwords with sha1 and md5, and do not forget to add a salt value (for example, if the password is abc123, then the salted password can be encrypted like this: sha1(md5('$4ltT3xt_abc123'))).
  • If you use cookies to store sensitive information (mainly personal information and passwords), you can save the cookie with Base64 to obfuscate the data.
  • Add some protection to your API (security tokens) unless it needs to be public. There is a recipe about security tokens in Chapter 8, Creating an API with Node.js Using MongoDB and MySQL.
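The following is an added example (my own code, not from the React Cookbook) illustrating the first two recommendations: escaping form input before it is placed in HTML, and serializing state for an inline script so that JSON.stringify output cannot close the script element early. The helper names, the sample comment and the window.__INITIAL_STATE__ convention are assumptions for the example.

```javascript
// Escape the five characters that matter in HTML element content and in
// double- or single-quoted attribute values.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// JSON.stringify alone is not safe inside <script>: the HTML parser ends the
// element at the first "</script>" it sees, regardless of JSON quoting, and
// U+2028/U+2029 were illegal inside JS string literals before ES2019.
// Replacing those characters with \u escapes keeps the result valid JSON
// (and valid JS), so JSON.parse on the client recovers the same value.
function serializeForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// Constructed sample input: a form field whose value tries to end the
// surrounding script element and then start a new tag.
const sampleComment = 'nice post</script><b>not bold</b>';

// Render the comment twice: once as escaped element content and once as
// initial state embedded for the client-side React app to hydrate from.
function renderPage(comment) {
  const state = { comments: [comment] };
  return [
    '<div class="comment">' + escapeHtml(comment) + '</div>',
    '<script>window.__INITIAL_STATE__ = ' + serializeForScript(state) + ';</script>',
  ].join('\n');
}

console.log(renderPage(sampleComment));
```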