Rules
no-dangerously-set-innerhtml
Disallows DOM elements from using 'dangerouslySetInnerHTML'.
Full Name in eslint-plugin-react-dom
react-dom/no-dangerously-set-innerhtmlFull Name in @eslint-react/eslint-plugin
@eslint-react/dom-no-dangerously-set-innerhtmlPresets
dom
recommended
recommended-typescript
recommended-type-checked
strict
strict-typescript
strict-type-checked
Rule Details
This should be used with extreme caution! If the HTML inside isn’t trusted (for example, if it’s based on user data), you risk introducing an XSS vulnerability.
Read more about using dangerouslySetInnerHTML.
Common Violations
Invalid
function MyComponent() {
return <div dangerouslySetInnerHTML={{ __html: "Hello, World!" }} />;
}Resources
Further Reading
See Also
react-dom/no-dangerously-set-innerhtml-with-children
Disallows DOM elements from usingdangerouslySetInnerHTMLandchildrenat the same time.react-dom/no-void-elements-with-children
Disallowschildrenin void DOM elements.