React's dangerously set inner HTML detected.
- Rule ID: javascript_react_dangerously_set_inner_html
- Languages: javascript
- Source: dangerously_set_inner_html.yml
Description
There are Cross-Site Scripting (XSS) vulnerabilites when using React's dangerouslySetInnerHTML with unsanitized data.
Remediations
✅ Sanitize data when using dangerouslySetInnerHTML
<div
dangerouslySetInnerHTML={{__html: sanitize(data)}}
/>
Resources
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=javascript_react_dangerously_set_inner_html
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=javascript_react_dangerously_set_inner_html
Ready to take the next step? Learn more about Bearer Cloud.