Skip to content
/ react-safe Public

Safe JSX: syntactic sugar over dangerouslySetInnerHTML

License

MIT license
13 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ivan-kleshnin/react-safe

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
babel.config.js
babel.config.js
 
 
index.js
index.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

React Safe

This package provides a syntactic sugar over the raw dangerousSetInnerHTML.

Motivation

In real projects, at least in my experience, the usage of dangerousSetInnerHTML is extensive. Which brings two problems:

  1. It's too long and ugly for its frequency. Also JSX does not look like HTML anymore as tag contents are passed via attributes. Which kinda defeats the usage point of JSX.

  2. The term "dangerous" is misleading. It represents something a programmer considers safe(!) instead. So it kinda spams the vision with irrelevant signals of false danger decreasing the capability to notice real threats.

Examples

React (vanilla)

<h1 dangerouslySetInnerHTML={{__html: page.title}}></h1>
<div dangerouslySetInnerHTML={{__html: renderMD(page.body)}}></div>

React Safe

<Safe.h1>{page.title}</Safe.h1>
<Safe.div>{renderMD(page.body)}</Safe.div>

Warning

React-Safe is a thin wrapper over dangerouslySetInnerHTML so all the usual concerns about XSS attacks and security in general apply. Check the above link for more information.

License

MIT

About

Safe JSX: syntactic sugar over dangerouslySetInnerHTML

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

9 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages