Shamnad P S

Reputation: 1173

Input sanitization in ReactJS

I am using ReactJS to develop a simple chat application. Could someone help me to sanitize the input? There is only one input text box to send chat messages. How to sanitize it?

    <input type="text"
           className="chat"
           value={this.state.name}
    />

Based on the documentation, HTML escapes html by default. Is it enough? Do I need to add any other sanitization methods? If yes, please let me know how to do that.

Upvotes: 39

Views: 58914

Answers (2)

dgrijuela

Reputation: 763

It's sanitized by default; you don't need a sanitization method unless you are using dangerouslySetInnerHTML, which is not the case.

Upvotes: 61

viswanath m

Reputation: 91

JSX expressions {} automatically take care of encoding HTML before rendering, which means even if you don't sanitise your input, your webpage is XSS safe.

Please refer to this doc on the React site: jsx-prevents-injection-attacks

Note: If you want to allow your user to type in HTML, then you need input sanitisation and you have to use dangerouslySetInnerHTML, as @dgrijuela mentioned in the above post.

Upvotes: 8
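
Added example, not part of either answer above and not React's own code: a dependency-free Node.js model of the two render paths the answers contrast, run over constructed chat messages. The function names and the sample messages are assumptions made for illustration.

```javascript
// Models the effect of embedding a string in JSX as {message}: the value ends
// up as text, never as markup. These five replacements are the ones React's
// server renderer applies to text; on the client React writes a text node,
// with the same visible result. All names below are hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeTextChild(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// <li className="chat">{message}</li>
function renderAsJsxText(message) {
  return `<li class="chat">${escapeTextChild(message)}</li>`;
}

// <li className="chat" dangerouslySetInnerHTML={{ __html: message }} />
// The string is used as markup verbatim; nothing escapes it on this path.
function renderAsInnerHtml(message) {
  return `<li class="chat">${message}</li>`;
}

// True if the user-supplied part of the output opens an HTML element.
function introducesElement(html) {
  const inner = html.replace(/^<li class="chat">/, '').replace(/<\/li>$/, '');
  return /<[a-zA-Z]/.test(inner);
}

// Constructed chat messages.
const messages = [
  'hello & welcome',
  '<b>bold?</b>',
  '<script>alert(1)</script>',
];

function report() {
  return messages.map((m) => ({
    message: m,
    jsxText: renderAsJsxText(m),
    jsxTextHasElement: introducesElement(renderAsJsxText(m)),
    innerHtmlHasElement: introducesElement(renderAsInnerHtml(m)),
  }));
}

console.table(report(), ['message', 'jsxTextHasElement', 'innerHtmlHasElement']);
```

When chat messages must carry HTML, the string passed as `__html` is the value that needs sanitising, for example with a library such as DOMPurify (an assumption; neither answer names one).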
