Working with react dangerouslySetInnerHTML attribute
skptricks
Dec 4 '18
1 min read
This tutorial explains how to use the React dangerouslySetInnerHTML attribute inside a React application component. dangerouslySetInnerHTML is React's replacement for using innerHTML in the browser DOM. In general, setting HTML from code is risky because it's easy to inadvertently expose your users to a cross-site scripting (XSS) attack. So, you can set HTML directly from React, but you have to type out dangerouslySetInnerHTML and pass an object with a __html key, to remind yourself that it's dangerous.
NOTE: Improper use of innerHTML can open you up to a cross-site scripting (XSS) attack. Sanitizing user input for display is notoriously error-prone, and failure to properly sanitize is one of the leading causes of web vulnerabilities on the internet.
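The following is an added example, not code from the original tutorial: it builds the `{ __html }` object with untrusted values escaped, next to the risky concatenated form. The names `escapeHtml`, `safeHtml`, `unsafeMarkup`, `safeMarkup` and the sample comment are assumptions made for illustration.

```javascript
// Added example; all function names here are hypothetical helpers.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Escape the five characters that can change the HTML parsing context.
// Valid for element content and quoted attribute values only, not for
// URLs, <script> bodies or style contexts.
function escapeHtml(value) {
  if (value === null || value === undefined) return "";
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts are developer-written markup and pass
// through unchanged; every interpolated value is treated as untrusted text
// and escaped. Returns the object shape dangerouslySetInnerHTML expects.
function safeHtml(strings, ...values) {
  let html = strings[0];
  values.forEach((value, i) => {
    html += escapeHtml(value) + strings[i + 1];
  });
  return { __html: html };
}

// Risky form: untrusted input concatenated straight into the markup.
function unsafeMarkup(comment) {
  return { __html: '<p class="comment">' + comment + "</p>" };
}

// Safer form: same markup, but the untrusted value is escaped.
function safeMarkup(comment) {
  return safeHtml`<p class="comment">${comment}</p>`;
}

// Constructed sample input standing in for user-supplied text.
const SAMPLE_COMMENT = '<img src=x onerror="alert(1)">';

// In a component (JSX, shown as a comment so this file runs under Node):
//   <div dangerouslySetInnerHTML={safeMarkup(props.comment)} />
console.log(unsafeMarkup(SAMPLE_COMMENT).__html); // markup reaches the DOM as HTML
console.log(safeMarkup(SAMPLE_COMMENT).__html);   // markup is rendered as inert text
```

Escaping only fits the case where the untrusted value should appear as text. If the input itself has to be rendered as HTML, pass it through a maintained sanitizer library such as DOMPurify before putting it under `__html`.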
Thanks for this great tip.