Invalid HTML inside dangerouslySetInnerHTML breaks the page.
#14797
Comments
lfades
added
kind: bug
good first issue
|
Hey @lfades is it okay if I take this issue up? I was able to reproduce the issue locally and noticed that the reason the page goes blank is because This does not cause the page to go blank if that invalid html tag is a or even invalid markup like but will go blank if the invalid html tag is a <style> or <script> because the scripts next.js appends at the end of the page can't be executed inside of <style> or <script>. I think the right behavior would be to ensure that the next.js scripts don't end up wrapped inside of the invalid tag so that the JS can execute and any valid content can still render on the page. What are your thoughts, i'll attach screenshots for reference... |
|
Open tag will autoclose with all markup and scripts underneath the open tag wrapped inside of it Same issue with <script> tag
NOT an issue with a open markup tag |
|
@lfades or anyone else.. I tried to run a forked/cloned version of next locally and have it point to the example app but I keep running into a mismatch react issue. I tried to work through it but am stuck, any thoughts?
|
|
@TatisLois Follow the steps here to setup the Next.js repo: https://github.com/vercel/next.js/blob/canary/contributing.md Once you run |
got it working - thanks |
|
I'll take a look at this issue as well. I think the responsibility of putting in valid html in |
|
I don't have time to continue on this issue, so if anyone else wants to continue - feel free to do so! My idea is to validate the HTML with perhaps html-validator package and logging the error to the console. I think adding something similiar to this in Main component could work: export function Main() {
const { inAmpMode, html, docComponentsRendered } = useContext(
DocumentComponentContext
)
+ const [invalidHtmlError, setInvalidHtmlError] = useState()
docComponentsRendered.Main = true
+ useEffect(() => {
+ checkHtml()
+ })
+ const checkHtml = async () => {
+ try {
+ await htmlValidator(html)
+ } catch (error) {
+ setInvalidHtmlError(error)
+ }
+ }
if (inAmpMode) return <>{AMP_RENDER_TARGET}</>
+ if (invalidHtmlError) {
+ Log.error(
+ "There's an error with your HTML",
+ JSON.stringify(invalidHtmlError)
+ )
+ }
return <div id="__next" dangerouslySetInnerHTML={{ __html: html }} />
} |
|
I also had this problem when allowing user generated HTML. If you wrap the dangerously set HTML code using the sanitize package linked below - it auto-fixes this broken HTML problem for you. https://www.npmjs.com/package/sanitize-html |
|
I'll take this one on. |
|
Hey, is there any progress on the issue? If there is no one that is not taking this on, I'll be ready to take this on. |
|
If there is no progress on this issue,please assign this issue to me |
|
Can't reproduce on latest commit. I see the heading but not the subtitle because of wrong tag. But the page works fine. |
Bug report
Describe the bug
If invalid HTML is added to
dangerouslySetInnerHTML, Next.js will output a blank page without providing any feedback. This can be hard to track when working with a CMS provider or markdown files.To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
yarn && yarn devornpm i && npm run devpages/index.jsis a blank page with no errorsExpected behavior
Invalid HTML inside
dangerouslySetInnerHTMLshould throw and/or let the user know that there's something wrong.The demo also has an
index.htmlandindex.jsin the root directory that shows how the same code works in React alone, it doesn't produce an error either, but it shows the content.The text was updated successfully, but these errors were encountered: