Unsanitized user input in React inner HTML method (XSS)
Rule ID: javascript_react_dangerously_set_inner_html
Applicable Languages: JavaScript
Weakness ID: CWE-79
Using React's dangerouslySetInnerHTML with unsanitized data can create Cross-Site Scripting (XSS) vulnerabilities. React escapes text rendered as children, but whatever is passed as the __html value is inserted into the DOM verbatim. When external input reaches that value without adequate sanitization, an attacker can inject markup and event handlers that the browser executes in the victim's session.
Sanitize data before using it with dangerouslySetInnerHTML, or avoid the prop entirely and render the value as a text child so React escapes it. When the content genuinely must be rendered as HTML, pass it through a maintained sanitizer (for example DOMPurify) immediately before assigning it to __html; this ensures the input is free of scripts and event-handler attributes before it reaches the DOM.
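The following is an added example, not code from the rule page or from React itself. It uses a deliberately minimal stand-in for React DOM's server renderer (React's element shape is { type, props }; the escaping and the raw __html insertion mirror what React does) so that it runs in plain Node with no dependencies. The component names, the comment fixture and the payload are constructed for this demonstration; the DOMPurify call mentioned in the comments is the real library API, shown but not invoked here.

```javascript
// Added example: compare what reaches the browser when untrusted input is
// rendered through dangerouslySetInnerHTML versus as a text child.
// renderToHtml is a toy stand-in for React DOM's server renderer; it is not
// React's code, but it reproduces the two behaviours the rule depends on.

// React escapes text children with exactly these five replacements.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Toy renderer: text children are escaped, while dangerouslySetInnerHTML.__html
// is copied into the markup untouched. That asymmetry is the whole point.
function renderToHtml(element) {
  if (typeof element === 'string') return escapeHtml(element);
  const { type, props = {} } = element;
  let inner = '';
  if (props.dangerouslySetInnerHTML) {
    inner = props.dangerouslySetInnerHTML.__html;
  } else if (props.children !== undefined) {
    inner = [].concat(props.children).map(renderToHtml).join('');
  }
  return `<${type}>${inner}</${type}>`;
}

// Pattern the rule flags: an untrusted comment body goes straight into __html.
// In JSX this is <div dangerouslySetInnerHTML={{ __html: body }} />.
function VulnerableComment({ body }) {
  return { type: 'div', props: { dangerouslySetInnerHTML: { __html: body } } };
}

// Fix when the value does not need to be HTML: render it as a text child and
// let React escape it. In JSX this is simply <div>{body}</div>.
// If the value must stay HTML, sanitize first, e.g.
//   { __html: DOMPurify.sanitize(body) }   (import DOMPurify from 'dompurify')
function SafeComment({ body }) {
  return { type: 'div', props: { children: body } };
}

// Constructed payload: no <script> tag needed; an event handler on a broken
// <img> runs as soon as the browser processes the element.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

// Check used below: does the markup still carry an executable on*= attribute
// inside a real tag (as opposed to inside escaped text)?
function containsActiveHandler(html) {
  return /<[^>]+\son\w+\s*=/i.test(html);
}

// Render both components with the same attacker-controlled body.
function demo(body = PAYLOAD) {
  return {
    vulnerable: renderToHtml(VulnerableComment({ body })),
    safe: renderToHtml(SafeComment({ body })),
  };
}

const result = demo();
console.log('dangerouslySetInnerHTML:', result.vulnerable);
console.log('text child:             ', result.safe);
console.log('handler survives?       ',
  containsActiveHandler(result.vulnerable), '/', containsActiveHandler(result.safe));
```

Run it with node: the vulnerable output contains the attacker's img tag intact, while the text-child output contains only escaped entities that the browser displays as literal text. Note that the choice of fix matters: rendering as text is the right default, and a sanitizer is only for the case where rich HTML is a feature. Writing your own regex-based sanitizer in place of a maintained one is not a fix; the containsActiveHandler check above is a test helper, not a sanitizer.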
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our