Showing content from https://github.com/Microsoft/tslint-microsoft-contrib/wiki/react-no-dangerous-html-Rule below:

react-no-dangerous-html Rule

This rule finds usages of React's dangerouslySetInnerHTML. Avoid this API wherever possible: it inserts a string into the DOM as raw, unescaped HTML, so any attacker-controlled data that reaches that string becomes a cross-site scripting (XSS) vector.
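To make the difference concrete, here is an added example (not code from tslint-microsoft-contrib or React) that models the relevant part of React's server-side rendering contract in a few lines: text children are HTML-escaped, while the `__html` string passed to dangerouslySetInnerHTML is emitted verbatim. The `VNode`, `renderToString`, `renderVulnerable` and `renderSafe` names are assumptions for this illustration, and the attacker input is constructed.

```typescript
// Added example, not React's implementation: a minimal element model that
// mirrors one React contract, namely that text children are escaped while
// dangerouslySetInnerHTML.__html is inserted as-is.
interface VNode {
  tag: string;
  props?: { dangerouslySetInnerHTML?: { __html: string } };
  children?: string;
}

// Escape the characters that matter in HTML text and attribute context.
function escapeHtml(s: string): string {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Serialise a node the way a renderer would: __html wins and is not escaped,
// otherwise the text child is escaped before it is placed in the markup.
function renderToString(node: VNode): string {
  const raw = node.props?.dangerouslySetInnerHTML?.__html;
  const inner = raw !== undefined ? raw : escapeHtml(node.children ?? "");
  return `<${node.tag}>${inner}</${node.tag}>`;
}

// Constructed attacker-controlled input, e.g. a comment body read from a database.
const untrusted = '<img src=x onerror="alert(document.cookie)">';

// Vulnerable pattern: the untrusted string becomes live markup with an event handler.
function renderVulnerable(input: string): string {
  return renderToString({
    tag: "div",
    props: { dangerouslySetInnerHTML: { __html: input } },
  });
}

// Hardened pattern: the same data rendered as a text child, so the browser
// displays the angle brackets instead of creating an <img> element.
function renderSafe(input: string): string {
  return renderToString({ tag: "div", children: input });
}

// Cheap reviewer check: does the rendered output still contain an element
// carrying an inline event handler attribute (on*=)?
function containsActiveMarkup(html: string): boolean {
  return /<\w+[^>]*\son\w+\s*=/i.test(html);
}

console.log(renderVulnerable(untrusted)); // handler survives
console.log(renderSafe(untrusted));       // handler is inert text
```

The point of the example is not that escaping is hard (React already does it for children) but that dangerouslySetInnerHTML deliberately bypasses it; if the string must carry markup, it has to be sanitised with an allowlist-based HTML sanitiser before it is assigned to `__html`, and that decision is what the rule forces a reviewer to look at.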

Suppressions can be specified in your tslint.json configuration file like this:

```json
"react-no-dangerous-html": [true,
    {
        "file": "local/path/to/MyFile.ts",
        "method": "render",
        "comment": "Usage has been approved by our Security Group on 2015-03-12"
    }
]
```

Or, as a better alternative, you can extract all your suppressions into a separate JSON file. This form assumes the tslint configuration is generated from JavaScript (here a Gruntfile), since tslint.json itself cannot contain expressions:

```js
"react-no-dangerous-html": [true].concat(
    grunt.file.readJSON('../xss_exceptions.json')
)
```
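The following added example (not the rule's own code) shows the audit mechanism the suppression list implements: scan source text for dangerouslySetInnerHTML, record the file and enclosing method, and report only the usages that have no matching `{ file, method, comment }` entry. The `enclosingMethod` heuristic (a regex over method and function signatures) and the sample component are assumptions constructed for this illustration; the real rule uses the TypeScript AST.

```typescript
// Added example: a simplified re-implementation of the audit idea behind
// react-no-dangerous-html, not the rule's own code.
interface Suppression { file: string; method: string; comment: string; }
interface Usage { file: string; method: string; line: number; }

// Walk backwards from the usage to the nearest method/function signature.
// Heuristic (assumption): matches `name(...) {` and `function name(...) {`,
// with optional modifiers and return type, and skips control-flow keywords.
function enclosingMethod(lines: string[], lineIdx: number): string {
  const sig = /^\s*(?:(?:public|private|protected|static|async|function)\s+)*([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*(?::[^{]*)?\{/;
  const keywords = new Set(["if", "for", "while", "switch", "catch"]);
  for (let i = lineIdx; i >= 0; i--) {
    const m = sig.exec(lines[i]);
    if (m && !keywords.has(m[1])) return m[1];
  }
  return "<top-level>";
}

// Every line mentioning the API becomes a Usage with file, method and 1-based line.
function findUsages(file: string, source: string): Usage[] {
  const lines = source.split("\n");
  const out: Usage[] = [];
  lines.forEach((text, i) => {
    if (text.includes("dangerouslySetInnerHTML")) {
      out.push({ file, method: enclosingMethod(lines, i), line: i + 1 });
    }
  });
  return out;
}

// A usage is suppressed only when both file and method match an approved entry,
// so moving the call to another method re-opens the finding for review.
function unsuppressed(usages: Usage[], suppressions: Suppression[]): Usage[] {
  return usages.filter(
    u => !suppressions.some(s => s.file === u.file && s.method === u.method),
  );
}

// Constructed sample component with two usages in different methods.
const sampleFile = "src/Comment.tsx";
const sampleSource = [
  "import * as React from 'react';",
  "",
  "export class Comment extends React.Component<Props> {",
  "  public render() {",
  "    return <div dangerouslySetInnerHTML={{ __html: this.props.body }} />;",
  "  }",
  "",
  "  private renderFooter() {",
  "    if (this.props.footer) {",
  "      return <p dangerouslySetInnerHTML={{ __html: this.props.footer }} />;",
  "    }",
  "    return null;",
  "  }",
  "}",
].join("\n");

// Constructed suppression list in the same shape as the tslint.json entry above.
const suppressions: Suppression[] = [
  { file: sampleFile, method: "render", comment: "Constructed entry: body is sanitised upstream" },
];

// Only the renderFooter usage remains for the security team to review.
const report = unsuppressed(findUsages(sampleFile, sampleSource), suppressions);
report.forEach(u => console.log(`${u.file}:${u.line} ${u.method}() uses dangerouslySetInnerHTML without an approved suppression`));
```

Keying suppressions on file and method rather than on a line number is what keeps the audit trail stable across unrelated edits, while still surfacing a usage that is copied into a method nobody approved.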

This rule is designed to provide you with an audit trail of all dangerouslySetInnerHTML usages so that they can be reviewed by a security team before a release is made. We suggest you do the following (which is what our team does):

Of course, you're free to automate this even more if you'd like! This works for us though.