Pattern: Use of dangerouslySetInnerHTML
Issue: -
The dangerouslySetInnerHTML prop allows injection of raw HTML into React components, creating potential XSS vulnerabilities. Use React's built-in escaping mechanisms and component composition instead.
Example of incorrect code:
const Hello = <div dangerouslySetInnerHTML={{ __html: "Hello World" }}></div>;
Example of correct code:
const Hello = <div>Hello World</div>;
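An added example, not part of the rule text above: a small model of the two rendering paths React offers (escaped text children versus the raw `__html` string) plus a lint-style check that flags the prop in source. The escaping helper, the untrusted string and the sample component source are constructed here for illustration.

```javascript
// Mirrors the escaping React applies to text children before emitting HTML.
// Ampersand goes first so already-escaped entities are not double-encoded.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Safe path, equivalent to <div>{value}</div>: markup in value stays inert text.
function renderTextChild(value) {
  return `<div>${escapeHtml(value)}</div>`;
}

// Unsafe path, equivalent to <div dangerouslySetInnerHTML={{ __html: value }} />:
// the string is emitted verbatim, so any tags it carries become live DOM nodes.
function renderDangerously(value) {
  return `<div>${value}</div>`;
}

// Lint-style detector: returns the 1-based line numbers that use the prop.
function findDangerouslySetInnerHTML(source) {
  return source
    .split("\n")
    .map((line, i) => ({ line: i + 1, text: line }))
    .filter((e) => e.text.includes("dangerouslySetInnerHTML"))
    .map((e) => e.line);
}

// Constructed untrusted input, e.g. a comment body read back from a database.
const untrusted = '<script>document.title = "injected"</script>';

// Constructed component source showing what the detector reports.
const sample = [
  'const Hello = <div dangerouslySetInnerHTML={{ __html: "Hello World" }}></div>;',
  "const Safe = <div>Hello World</div>;",
].join("\n");

console.log(renderTextChild(untrusted));         // tags arrive as &lt;script&gt; text
console.log(renderDangerously(untrusted));       // tags arrive intact and executable
console.log(findDangerouslySetInnerHTML(sample)); // [ 1 ]
```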