gitlab.eslint.react-dangerouslysetinnerhtml

Download count: 153

Setting HTML from code is risky because it’s easy to inadvertently expose your users to a cross-site scripting (XSS) attack.

Definition

rules:
  - id: eslint.react-dangerouslysetinnerhtml
    pattern-either:
      - pattern: |
          <$X dangerouslySetInnerHTML=... />
      - pattern: |
          {dangerouslySetInnerHTML: ...}
    message: >
      Setting HTML from code is risky because it’s easy to inadvertently expose
      your users to a cross-site scripting (XSS) attack.
    metadata:
      cwe: "CWE-79: Improper Neutralization of Input During Web Page Generation
        ('Cross-site Scripting')"
      owasp: "A7: Cross-site Scripting (XSS)"
      references:
        - https://reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
      primary_identifier: eslint.react-dangerouslysetinnerhtml
      secondary_identifiers:
        - name: ESLint rule ID security/react-dangerouslysetinnerhtml
          type: eslint_rule_id
          value: security/react-dangerouslysetinnerhtml
      license: MIT
    languages:
      - typescript
      - javascript
    severity: WARNING