diff --git a/README-jp.md b/README-jp.md
index e18da00..ffe03ce 100644
--- a/README-jp.md
+++ b/README-jp.md
@@ -32,6 +32,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [SSRF](#ssrf---server-side-request-forgery)
   - [Rails](#rails)
   - [AngularJS](#angularjs)
+  - [ReactJS](#reactjs)
   - [SSL/TLS](#ssltls)
   - [Webmail](#webmail)
   - [NFS](#nfs)
@@ -184,6 +185,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [XSS without HTML: Client-Side Template Injection with AngularJS](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html) - Written by [Gareth Heyes](https://www.blogger.com/profile/10856178524811553475).
 - [DOM based Angular sandbox escapes](http://blog.portswigger.net/2017/05/dom-based-angularjs-sandbox-escapes.html) - Written by [@garethheyes](https://twitter.com/garethheyes)
 
+<a name="reactjs"></a>
+### ReactJS
+
+- [XSS via a spoofed React element](http://danlec.com/blog/xss-via-a-spoofed-react-element) - Written by [Daniel LeCheminant](http://danlec.com/).
+
 <a name="ssl-tls"></a>
 ### SSL/TLS
 
diff --git a/README-zh.md b/README-zh.md
index 270280f..b77fb4f 100644
--- a/README-zh.md
+++ b/README-zh.md
@@ -32,6 +32,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [SSRF](#ssrf---server-side-request-forgery)
   - [Rails](#rails)
   - [AngularJS](#angularjs)
+  - [ReactJS](#reactjs)
   - [SSL/TLS](#ssltls)
   - [Webmail](#webmail)
   - [NFS](#nfs)
@@ -195,6 +196,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [XSS without HTML: Client-Side Template Injection with AngularJS](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html) - Written by [Gareth Heyes](https://www.blogger.com/profile/10856178524811553475).
 - [DOM based Angular sandbox escapes](http://blog.portswigger.net/2017/05/dom-based-angularjs-sandbox-escapes.html) - Written by [@garethheyes](https://twitter.com/garethheyes)
 
+<a name="reactjs"></a>
+### ReactJS
+
+- [XSS via a spoofed React element](http://danlec.com/blog/xss-via-a-spoofed-react-element) - Written by [Daniel LeCheminant](http://danlec.com/).
+
 <a name="ssl-tls"></a>
 ### SSL/TLS
 
diff --git a/README.md b/README.md
index 023210d..cbacf88 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
   - [SSRF](#ssrf---server-side-request-forgery)
   - [Rails](#rails)
   - [AngularJS](#angularjs)
+  - [ReactJS](#reactjs)
   - [SSL/TLS](#ssltls)
   - [Webmail](#webmail)
   - [NFS](#nfs)
@@ -181,6 +182,11 @@ If you enjoy this awesome list and would like to support it, check out my [Patre
 - [XSS without HTML: Client-Side Template Injection with AngularJS](http://blog.portswigger.net/2016/01/xss-without-html-client-side-template.html) - Written by [Gareth Heyes](https://www.blogger.com/profile/10856178524811553475).
 - [DOM based Angular sandbox escapes](http://blog.portswigger.net/2017/05/dom-based-angularjs-sandbox-escapes.html) - Written by [@garethheyes](https://twitter.com/garethheyes)
 
+<a name="reactjs"></a>
+### ReactJS
+
+- [XSS via a spoofed React element](http://danlec.com/blog/xss-via-a-spoofed-react-element) - Written by [Daniel LeCheminant](http://danlec.com/).
+
 <a name="ssl-tls"></a>
 ### SSL/TLS