Validate inputs and results from JS interop calls.
Avoid using (or validate beforehand) user input for .NET to JS interop calls.
Prevent the client from allocating an unbound amount of memory.
Data within the component.
DotNetObject references returned to the client.
Guard against multiple dispatches.
Cancel long-running operations when the component is disposed.
Avoid events that produce large amounts of data.
Avoid using user input as part of calls to NavigationManager.NavigateTo and validate user input for URLs against a set of allowed origins first if unavoidable.
Don't make authorization decisions based on the state of the UI but only from component state.