-
Notifications
You must be signed in to change notification settings - Fork 45.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DangerouslySetInnerHtml not working properly on simple example. #7825
Comments
That would seem unlikely. Either way, React just gets a string in, so React can't actually tell the difference between those two examples. If you can demonstrate in a jsfiddle, we can investigate further. |
I had to unescape the HTML for it to work.
Should react automatically unescape html since we're already calling DangerouslySetInnerHtml? |
@sergiotapia that escaped html is perfectly valid html. Unescaping it could allow for XSS attacks and incorrect rendering. |
I thought that was the point though, dangerouslySetInnerHtml. Right now I have to create a div set it's html, then extract the html again. Not a good solution.
There should be a method that tells React to just do it. |
@sergiotapia Both are valid HTML, but if it's the second result you expect then you shouldn't be storing it escaped like in the first example, it is wrong. React is working correctly, it's your stored representation that has been unnecessarily/incorrectly escaped. |
...But they will never allow that, so we have to kludge for very rare instances, such as rendering fetch() response object output as HTML into a Context API Consumer. The ES6 fetch() API Response Object only outputs two forms: JSON, and text. The ONLY solution - yours - will fire a re-render of the Consumer component, rendering the text as valid HTML. This solution IS viable and is secure in any situation where innerHTML() is NOT processing user input - it is processing data read from a file, or data read from a web service. So, when you get a chance, could you post your complete solution here. Thank you. |
Using React 15.3.0 latest.
Here's what I tried and how it goes wrong.
This works:
This doesn't:
The description property is just a normal string of HTML content. However it's rendered as a string, not as HTML for some reason.
Any suggestions?
The text was updated successfully, but these errors were encountered: