JSX

React's client-side rendering model introduces XSS vulnerabilities from improperly sanitized JSX content, bypassing PHP's native sanitization. Additionally, heavy reliance on npm packages increases exposure to supply-chain threats and malicious code in third-party dependencies.

React violates traditional web development standards by requiring JSX instead of HTML, pushing CSS-in-JS and inline styles instead of cascading CSS, using custom routing instead of native window.location and history API, and introducing 'use server' directives instead of standard fetch/JSON/HTTP patterns. These deviations create debugging nightmares and bad practices.