noDangerouslySetInnerHtml (since v0.10.0)

Prevent the usage of dangerous JSX props

Examples

Invalid

function createMarkup() {
    return { __html: 'child' }
}
<div dangerouslySetInnerHTML={createMarkup()}></div>

nursery/noDangerouslySetInnerHtml.js:4:6 lint/nursery/noDangerouslySetInnerHtml ━━━━━━━━━━━━━━━━━━━━

   Avoid passing content using the dangerouslySetInnerHTML prop.
  
     nursery/noDangerouslySetInnerHtml.js:4:6
    
  4  <div dangerouslySetInnerHTML={createMarkup()}></div>
          ^^^^^^^^^^^^^^^^^^^^^^^
  
   Setting content using code can expose users to cross-site scripting (XSS) attacks
  
React.createElement('div', {
    dangerouslySetInnerHTML: { __html: 'child' }
});

nursery/noDangerouslySetInnerHtml.js:2:5 lint/nursery/noDangerouslySetInnerHtml ━━━━━━━━━━━━━━━━━━━━

   Avoid passing content using the dangerouslySetInnerHTML prop.
  
     nursery/noDangerouslySetInnerHtml.js:2:5
    
  2      dangerouslySetInnerHTML: { __html: 'child' }
         ^^^^^^^^^^^^^^^^^^^^^^^
  
   Setting content using code can expose users to cross-site scripting (XSS) attacks
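
The difference the rule guards against, shown as an added example that is not part of the original page or the linter's own code. It is a simplified model of element serialization: h(), render(), renderFlagged() and renderSafe() are hypothetical helpers, not React APIs, and the input string is a constructed sample. Markup passed through dangerouslySetInnerHTML is inserted verbatim, while the same string passed as a child is escaped as text.

```javascript
// Simplified model of how an element tree is serialized to HTML.
// h() and render() are hypothetical stand-ins, not React APIs.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeText(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Minimal stand-in for React.createElement(type, props, ...children).
function h(type, props, ...children) {
  return { type, props: props || {}, children };
}

function render(node) {
  if (typeof node === 'string' || typeof node === 'number') {
    return escapeText(node); // text children are always escaped
  }
  const { type, props, children } = node;
  const raw = props.dangerouslySetInnerHTML;
  if (raw !== undefined) {
    if (children.length > 0) {
      throw new Error('children and dangerouslySetInnerHTML are mutually exclusive');
    }
    return `<${type}>${raw.__html}</${type}>`; // inserted verbatim, no escaping
  }
  return `<${type}>${children.map(render).join('')}</${type}>`;
}

// Constructed sample of untrusted input, e.g. a comment body from a request.
const untrusted = 'Hi <img src=x onerror="alert(1)">';

// The pattern the rule flags: the string reaches the page as live markup.
function renderFlagged(input) {
  return render(h('div', { dangerouslySetInnerHTML: { __html: input } }));
}

// Preferred: pass the same string as a child so it is treated as text.
function renderSafe(input) {
  return render(h('div', null, input));
}

console.log(renderFlagged(untrusted)); // the <img> tag and its handler survive
console.log(renderSafe(untrusted));    // angle brackets and quotes are escaped
```
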