How to protect your service from XSS by using sanitize-html 【React】

Mar 8, 2021

When we write react codes, we sometimes face this problem. It is ‘How to render html string in React’. As you know, you can solve this with dangerouslySetInnerHTML. However, it has a problem which can cause XSS(not recommended in React tutorial either).

I found the solution to it. This is it.

sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis

www.npmjs.com

import sanitizeHtml from 'sanitize-html';sanitize(text: ?string): string {  const cleanText = sanitizeHtml(text, {    allowedTags: ['p'],  });  return cleanText;}

You can use this library like above. It automatically eliminates dangerous tags in your html string.

My LinkedIn account. Please follow me!

https://www.linkedin.com/in/tomoharu-tsutsumi-56051a126/

React

Security

Written by Tomoharu Tsutsumi

23 Followers

Software Engineer with 4 years of professional experience. Studying Computer Science in a college.

More from Tomoharu Tsutsumi

Tomoharu Tsutsumi

How to use MailCatcher in Rails

I have had an opportunity to use MailCatcher. So, I summarize it in order not to forget it. MailCatcher enables you to stand a local SMTP…

1 min readNov 3, 2019

Tomoharu Tsutsumi

How to use React Datepicker

I had a chance to use React Datepicker(https://reactdatepicker.com/). This is so cool and I think that I’m expecting to have many…

1 min readJul 5, 2020

How to specify a directory where a Dockerfile is

Tomoharu Tsutsumi

How to specify a directory where a Dockerfile is

I’ve recently started learning Docker and Go. While coding, I faced a difficult problem and managed to solve it, so I’m going to summarize…

2 min readNov 29, 2022

Tomoharu Tsutsumi

Making New Line in React and Json.

When I was coding React, I wanted to newline string. Firstly, I coded like below in Json.

1 min readJun 21, 2020

See all from Tomoharu Tsutsumi

Recommended from Medium

Jeswanth Reddy
in
Version 1

Difference Between Promise and Async/Await

If you’re reading this, you probably understand how the promise and async/await are different in the execution context.

2 min readMay 12

Naresh Vunnam
in
WhatfixEngineeringBlog

ReactJS Security Best Practices

React is a free and open-source front-end JavaScript library that is used for building user interfaces. React allows developers to build…

4 min readMay 19

Lists

Stories to Help You Grow as a Software Developer

19 stories390 saves

General Coding Knowledge

20 stories359 saves

Now in AI: Handpicked by Better Programming

266 stories153 saves

Medium Publications Accepting Story Submissions

147 stories658 saves

Dmitry Kruglov
in
Better Programming

The Architecture of a Modern Startup

Hype wave, pragmatic evidence vs the need to move fast

16 min readNov 7, 2022

Pamuditha Jayasundara
in
JavaScript in Plain English

Advanced Techniques for Chrome Extension Development: A Comprehensive Guide

In this article, I will discuss some advanced concepts and methods that can greatly enhance your Chrome extension development process…

7 min readJun 14

Devanshani Rasanjika
in
Aeturnum

How to build your Chrome Extension in 5 minutes

Chrome is a well-spread platform that can develop your own Chrome extensions. If you want to make Chrome extensions and are new to Chrome…

7 min readJun 12

Swati Sharma

Creating navbar using react-router

Hello nerds! How is the week going?

3 min readApr 2

See more recommendations

Help
Status
Writers
Blog
Careers
Privacy
Terms
About
Text to speech
Teams