Mendi Sterenfeld
Reputation: 397
Decode string in React
I'm displaying user comments on react with DomPurify. When the user enters a dangerous strings: eg ' it gets encoded, how can I safely decode it?
Here is the code:
<p className="donor-comment">
{DOMPurify.sanitize(hit.comment)}
</p>
Thanks in advance
Upvotes: 0
Views: 3367
Answers (1)
is2ei
Reputation: 51
You don't have to escape user input manually or by using third-party libs like DOMPurify. React DOM does it by default.
https://reactjs.org/docs/introducing-jsx.html#jsx-prevents-injection-attacks
By default, React DOM escapes any values embedded in JSX before rendering them. Thus it ensures that you can never inject anything that’s not explicitly written in your application. Everything is converted to a string before being rendered. This helps prevent XSS (cross-site-scripting) attacks.
Upvotes: 1
Related Questions
- ReactJS convert HTML string to JSX
- How to convert an HTML string to virtual DOM in React?
- How to decode special character or HTML entities in react native or JS?
- How to parse string in react to render html
- Convert String in React Components
- Convert plain string to html in react
- Convert string to real HTML in React.js
- How to parse a String containing HTML to React Components
- String to React DOM object
- Reactjs - convert string to HTML