This rule finds usages of React's dangerouslySetInnerHTML. You should not use this API because it potentially opens your system up to an XSS attack.
Suppressions can be specified in your tslint.json configuration file like this:
"react-no-dangerous-html": [true, { "file": "local/path/to/MyFile.ts", "method": "render", "comment": "Usage has been approved by our Security Group on 2015-03-12" } ]
Or, as a better alternative, you can extract all of your suppressions into a separate file:
"react-no-dangerous-html": [true].concat(
grunt.file.readJSON('../xss_exceptions.json')
)
This rule is designed to provide you with an audit trail of all dangerouslySetInnerHTML usages so that they can be reviewed by a security team before a release is made. We suggest you do the following (which is what our team does):
Of course, you're free to automate this even more if you'd like! This works for us though.
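The following is an added example, not code from tslint-microsoft-contrib, showing the kind of audit a security team can run with a suppression file in the shape documented above (`file`, `method`, `comment`). It scans constructed sample sources for dangerouslySetInnerHTML, records the enclosing method of each usage, and splits usages into approved (matched by a suppression entry, with its comment) and unapproved ones. The matching logic here (exact file-path equality, enclosing method found by a simple regex on `name(...) {` lines) is an assumption and a simplification, not the rule's own matching; the sample sources and suppression list are constructed.

```javascript
// Added example (not part of tslint-microsoft-contrib): audit
// dangerouslySetInnerHTML usages against a suppression list of the
// documented shape { file, method, comment }. Matching rules below are a
// simplification and an assumption, not the rule's own implementation.

// Constructed sample sources, keyed by path.
const SAMPLE_FILES = {
  'local/path/to/MyFile.ts': `
class MyFile extends React.Component {
  render() {
    return <div dangerouslySetInnerHTML={{ __html: this.props.html }} />;
  }
}`,
  'src/Other.tsx': `
class Other extends React.Component {
  renderBody() {
    return <span dangerouslySetInnerHTML={{ __html: body }} />;
  }
  render() {
    return <p>{this.props.text}</p>;
  }
}`,
};

// Constructed suppression list in the documented shape.
const SUPPRESSIONS = [
  { file: 'local/path/to/MyFile.ts', method: 'render',
    comment: 'Usage has been approved by our Security Group on 2015-03-12' },
];

// Find every dangerouslySetInnerHTML usage in one source string, with its
// line number and nearest enclosing method. Assumption: methods are
// declared as `name(...) {` at the start of a line (class-field arrow
// functions are not recognised by this simplified scanner).
function findUsages(path, source) {
  const lines = source.split('\n');
  const usages = [];
  let method = null;
  const keywords = ['if', 'for', 'while', 'switch', 'catch'];
  for (let i = 0; i < lines.length; i++) {
    const m = /^\s*(?:async\s+)?([A-Za-z_$][\w$]*)\s*\([^)]*\)\s*\{/.exec(lines[i]);
    if (m && !keywords.includes(m[1])) method = m[1];
    if (lines[i].includes('dangerouslySetInnerHTML')) {
      usages.push({ file: path, method, line: i + 1 });
    }
  }
  return usages;
}

// Split all usages into approved (covered by a suppression entry, carrying
// its review comment) and unapproved (needs security review before release).
function audit(files, suppressions) {
  const approved = [];
  const unapproved = [];
  for (const [path, source] of Object.entries(files)) {
    for (const u of findUsages(path, source)) {
      const s = suppressions.find(x => x.file === u.file && x.method === u.method);
      if (s) {
        approved.push({ ...u, comment: s.comment });
      } else {
        unapproved.push(u);
      }
    }
  }
  return { approved, unapproved };
}

// Running stand-alone prints the audit report; a non-empty `unapproved`
// list is what a release gate would block on.
const report = audit(SAMPLE_FILES, SUPPRESSIONS);
console.log(JSON.stringify(report, null, 2));
```

Each approved entry carries the reviewer's comment, which gives the audit trail the rule is designed for; the unapproved list is the set a security team still has to look at.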