How to protect your service from XSS by using sanitize-html 【React】


When we write react codes, we sometimes face this problem. It is ‘How to render html string in React’. As you know, you can solve this with dangerouslySetInnerHTML. However, it has a problem which can cause XSS(not recommended in React tutorial either).

I found the solution to it. This is it.

import sanitizeHtml from 'sanitize-html';sanitize(text: ?string): string {  const cleanText = sanitizeHtml(text, {    allowedTags: ['p'],  });  return cleanText;}

You can use this library like above. It automatically eliminates dangerous tags in your html string.

My LinkedIn account. Please follow me!



Tomoharu Tsutsumi

Software Engineer with 4 years of professional experience. Studying Computer Science in a college.

Recommended from Medium


See more recommendations