noDangerouslySetInnerHtml

诊断类别：lint/security/noDangerouslySetInnerHtml

¥Diagnostic Category: lint/security/noDangerouslySetInnerHtml

JSX and TSX

自从：v1.0.0

¥Since: v1.0.0

Note

• 此规则由 Biome 推荐。在对代码进行 linting 时将出现诊断错误。

  ¥This rule is recommended by Biome. A diagnostic error will appear when linting your code.

来源：

¥Sources:

• 与以下相同：react/no-danger

  ¥Same as: react/no-danger

防止使用危险的 JSX props

¥Prevent the usage of dangerous JSX props

示例

Section titled 示例

¥Examples

无效

Section titled 无效

¥Invalid

function createMarkup() {
    return { __html: 'child' }
}
<div dangerouslySetInnerHTML={createMarkup()}></div>

code-block.jsx:4:6 lint/security/noDangerouslySetInnerHtml ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  ✖ Avoid passing content using the dangerouslySetInnerHTML prop.
  
    2 │     return { __html: ‘child’ }
    3 │ }
  > 4 │ <div dangerouslySetInnerHTML={createMarkup()}></div>
      │      ^^^^^^^^^^^^^^^^^^^^^^^
    5 │ 
  
  ⚠ Setting content using code can expose users to cross-site scripting (XSS) attacks
  

React.createElement('div', {
    dangerouslySetInnerHTML: { __html: 'child' }
});

code-block.js:2:5 lint/security/noDangerouslySetInnerHtml ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  ✖ Avoid passing content using the dangerouslySetInnerHTML prop.
  
    1 │ React.createElement(‘div’, {
  > 2 │     dangerouslySetInnerHTML: { __html: ‘child’ }
      │     ^^^^^^^^^^^^^^^^^^^^^^^
    3 │ });
    4 │ 
  
  ⚠ Setting content using code can expose users to cross-site scripting (XSS) attacks
  

相关链接

Section titled 相关链接

¥Related links

• 禁用规则

  ¥Disable a rule

• 配置规则修复

  ¥Configure the rule fix

• 规则选项

  ¥Rule options