---
name: sec-ui-01
description: Prevents XSS by restricting dangerous React props.
version: "1.0.0"
specialist: Linus
governance: SOFT_LOCK
---

# 🛡️ SEC-UI-01: XSS Defense (The Linus Protocol)
This is a SOFT_LOCK quality directive.

## 🚫 Forbidden
Do not use `dangerouslySetInnerHTML` unless absolutely necessary and documented.

## ✅ Mandated
Use safe rendering or sanitize the content through a trusted library like `DOMPurify` before passing it to the component.

Frank will nudge you and request a security audit if this pattern is detected.

---
*Provisioned by Rigstate CLI. Do not modify manually.*