
no-dangerously-set-innerhtml

Full Name in eslint-plugin-react-dom

react-dom/no-dangerously-set-innerhtml

Full Name in @eslint-react/eslint-plugin

@eslint-react/dom/no-dangerously-set-innerhtml

Presets

  • dom
  • recommended
  • recommended-typescript
  • recommended-type-checked

What it does

Warns when using dangerouslySetInnerHTML.

Why is this bad?

dangerouslySetInnerHTML should be used with extreme caution! If the HTML inside isn’t trusted (for example, if it’s based on user data), you risk introducing an XSS vulnerability.

Read more about using dangerouslySetInnerHTML.

Examples

Failing

import React from "react";
 
function Example() {
  return <div dangerouslySetInnerHTML={{ __html: "Hello, World!" }} />;
}
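
An added example, not part of the rule's documentation or the plugin's code: one way to confine dangerouslySetInnerHTML to a single audited helper, so that user data is always escaped before it reaches __html. The names escapeHtml, safeHtml and innerHtmlProps are hypothetical, and the sample comment is constructed.

```javascript
// Escaping here covers element content and quoted attribute values only;
// it does not make URLs, <script> or <style> content safe.
const ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Symbol-keyed brand: it cannot be forged by JSON or by a plain string.
const TRUSTED = Symbol("trustedHtml");

// Tagged template. The literal parts are markup written by the developer;
// every interpolated value is escaped unless it is itself a safeHtml result.
function safeHtml(strings, ...values) {
  let html = strings[0];
  values.forEach((value, i) => {
    const isTrusted = value != null && value[TRUSTED] === true;
    html += (isTrusted ? value.html : escapeHtml(value)) + strings[i + 1];
  });
  return Object.freeze({ [TRUSTED]: true, html });
}

// The one place that builds the prop. Plain strings are rejected, so
// untrusted data cannot be passed through unescaped by accident.
function innerHtmlProps(trusted) {
  if (trusted == null || trusted[TRUSTED] !== true) {
    throw new TypeError("innerHtmlProps expects a value built with safeHtml");
  }
  return { dangerouslySetInnerHTML: { __html: trusted.html } };
}

// Constructed sample of user-supplied data.
const sampleComment = "<img src=x onerror=alert(1)>";
const sampleProps = innerHtmlProps(safeHtml`<p>${sampleComment}</p>`);
```

When the content is plain text rather than markup, passing it as children and letting React escape it avoids dangerouslySetInnerHTML altogether.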