Skip to content
This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

Latest commit

 

History

History
27 lines (16 loc) · 807 Bytes

no-danger.md

File metadata and controls

27 lines (16 loc) · 807 Bytes

Prevent usage of dangerous JSX properties (no-danger)

Dangerous properties in React are those whose behavior is known to be a common source of application vulnerabilities. The properties names clearly indicate they are dangerous and should be avoided unless great care is taken.

See https://facebook.github.io/react/tips/dangerously-set-inner-html.html

Rule Details

The following patterns are considered warnings:

var React = require('react');

var Hello = <div dangerouslySetInnerHTML={{ __html: "Hello World" }}></div>;

The following patterns are not considered warnings:

var React = require('react');

var Hello = <div>Hello World</div>;

When Not To Use It

If you are certain the content passed to dangerouslySetInnerHTML is sanitized HTML you can disable this rule.