React's dangerously set inner HTML detected.
- Rule ID: javascript_react_dangerously_set_inner_html
- Languages: javascript
- Source: dangerously_set_inner_html.yml
Description
There are Cross-Site Scripting (XSS) vulnerabilites when using React's dangerouslySetInnerHTML with unsanitized data.
Remediations
✅ Sanitize data when using dangerouslySetInnerHTML
<div
dangerouslySetInnerHTML={{__html: sanitize(data)}}
/>