M_Z

Reputation: 201

Sending HTML content in API vulnerability risk

I have a React application that builds an Editor component dynamically. One of the fields in this editor is a contenteditable div that gets content from the API (a JSON response) to be displayed in that div, with some of the text highlighted or styled with other HTML tags inside.

The user can change this content, and I keep sending it back to the API and getting it back from the API to be displayed accordingly.

But I'm concerned about security. Is this a risky vulnerability? How should I act in such a case?

Upvotes: 0

Views: 484

Answers (1)

Kirill Skomarovskiy

Reputation: 1575

Yes, you have to be concerned about security. I recommend using sanitize-html.

Upvotes: 1
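
The allowlist idea behind HTML sanitizing, as an added example that is not part of the answer above and is not sanitize-html's own code: escape all markup coming from the API, then restore only exact, attribute-free formatting tags before the string reaches the contenteditable div. The function names and the tag set are assumptions chosen for the highlighting use case in the question.

```javascript
// Added illustration (hypothetical helper names, not sanitize-html's API).
// Strategy: escape ALL markup, then restore only exact, attribute-free
// formatting tags. Everything else (scripts, event handlers, URLs)
// stays inert text when the result is rendered.

// Assumed allowlist for highlighted/styled text.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u', 'mark'];

function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;') // must run first so existing entities stay escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Matches an escaped opening or closing tag with no attributes, e.g. &lt;mark&gt;
const RESTORE_RE = new RegExp(
  '&lt;(/?)(' + ALLOWED_TAGS.join('|') + ')&gt;', 'gi');

function sanitizeFormatting(untrustedHtml) {
  if (typeof untrustedHtml !== 'string') return '';
  // The only "<" and ">" in the output are the ones written here,
  // so no attribute or non-allowlisted tag can survive.
  return escapeHtml(untrustedHtml).replace(
    RESTORE_RE, (_m, slash, tag) => '<' + slash + tag.toLowerCase() + '>');
}

// Constructed sample values standing in for the API's JSON field.
const samples = [
  'Hello <mark>world</mark>',
  '<b onclick="x()">hi</b>',
  '<img src=x onerror=alert(1)>',
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeFormatting(s)));
}
```

Apply the same filtering on the server when the content is saved, since a client-side check alone can be bypassed by calling the API directly. This sketch shows entities such as `&nbsp;` as literal text and drops all attributes; a parser-based library handles those cases.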
