6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Sanitize innerHTML in javascript\",\"text\":\"

I am using that block of code and bring told by a code validator that this should be sanitized.

\\n\\n

What is wrong with it and how can i sanitize it?

\\n\\n

el1 = document.getElementById('quote'); //this is fine\\nel1.innerHTML = quoteNew; //this should be sanitized\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"scandalous\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

If the contents of quoteNew are just text to display, then use the textContent property of the element.

\\n\\n

 el1.textContent = quoteNew;\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Gabriele Petrioli\"},\"upvoteCount\":5}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}],["$","span","sanitize",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/sanitize/1","children":"sanitize"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/c0aab02701a3085f0c2511dcab6a4a1c?s=256&d=identicon&r=PG","alt":"scandalous","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1762785/scandalous","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"scandalous"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",912]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Sanitize innerHTML in javascript"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I am using that block of code and bring told by a code validator that this should be sanitized.

\n\n

What is wrong with it and how can i sanitize it?

\n\n

el1 = document.getElementById('quote'); //this is fine\nel1.innerHTML = quoteNew; //this should be sanitized\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",4926]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","44018056",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/cdef5bd2099545a776ee86fb8049bdc6?s=256&d=identicon&r=PG","alt":"Gabriele Petrioli","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/128165/gabriele-petrioli","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Gabriele Petrioli"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",196306]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

If the contents of quoteNew are just text to display, then use the textContent property of the element.

\n\n

 el1.textContent = quoteNew;\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",5]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","70358628",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70358628","className":"text-blue-600 hover:underline","children":"How to use innerHTML safely?"}]}],["$","li","48807066",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/48807066","className":"text-blue-600 hover:underline","children":"Sanitize javascript array element"}]}],["$","li","55635318",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/55635318","className":"text-blue-600 hover:underline","children":"Javascript Form Sanitization"}]}],["$","li","21743014",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21743014","className":"text-blue-600 hover:underline","children":"Sanitizing html string with javascript using browser to interpret html"}]}],["$","li","46534228",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46534228","className":"text-blue-600 hover:underline","children":".innerHTML & XSS Prevention"}]}],["$","li","42064037",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/42064037","className":"text-blue-600 hover:underline","children":"How to ignore HTML tags in innerHTML attribute?"}]}],["$","li","31737305",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/31737305","className":"text-blue-600 hover:underline","children":"what does "JavaScript sanitization doesn't save you from innerHTML" mean?"}]}],["$","li","5838770",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5838770","className":"text-blue-600 hover:underline","children":"Sanitizing input that will later appear in HTML"}]}],["$","li","7069200",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7069200","className":"text-blue-600 hover:underline","children":"How do I escape html in the "innerHtml" property with javascript?"}]}],["$","li","5153028",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/5153028","className":"text-blue-600 hover:underline","children":"Sanitize jquery string?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Sanitize innerHTML in javascript

Answers (1)

Related Questions