javascriptreactjsdecodedompurify
Decode string in React
I'm displaying user comments on react with DomPurify. When the user enters a dangerous strings: eg ' it gets encoded, how can I safely decode it?
Here is the code:
<p className="donor-comment">
{DOMPurify.sanitize(hit.comment)}
</p>
Thanks in advance
Solution
You don't have to escape user input manually or by using third-party libs like DOMPurify. React DOM does it by default.
https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks
By default, React DOM escapes any values embedded in JSX before rendering them. Thus it ensures that you can never inject anything that’s not explicitly written in your application. Everything is converted to a string before being rendered. This helps prevent XSS (cross-site-scripting) attacks.
- Convert the greatest binary number (by number of binary digits) to decimal
- Reading excel file into array using javascript
- Why is Vue's Composable not Isolated?
- Refused to execute script, strict MIME type checking is enabled?
- contentEditable - Firefox <br /> tag
- How to listen for a page $emit in a nuxt layout?
- Why am I getting 'Cannot GET' in localhost for Vue npm run serve
- I can't use dynamic components in Nuxt 3
- Get all files within a folder containing string, push filenames to array and return array using Node FS
- How to fix bubbles when drawing with canvas?
- how to find duplicate number in an array and increment the duplicate value using javascript
- How to enable a checkbox with Javascript?
- Check/Uncheck checkbox with JavaScript
- Symfony 7.0 AssetMapper: JS Files Only Load on Initial Page Load or After F5 Refresh
- Checkbox checked not passing an actual value?
- Err Only plain objects, and a few built-ins, can be passed to Client Components from Server Components. Classes or null prototypes are not supported
- How wait to run JavaScript function until after the DOM is ready / loaded?
- MUI TextField Background Color for auto complete
- Regular expression isn't matching all hyperlinks in a string
- downloading file-stream from browser get request
- Problem with selecting a specific web element with Playwright in Python
- how to keep class attribute stored for Leaflet.js markers
- Index of last vowel in a string
- Delete a specific user from Firebase
- How to access DOM elements by type? (similar to getElementsByName())
- How to use a regular expression in a jQuery selector?
- How to getElementByName() with a regex?
- "user friendly" vimeo embedding, get embed code from url
- Is there a way to achieve currying with a local variable
- "BigInt literals are not available when targeting lower than ESNext"