- Instead, we can use dangerouslySetInnerHTML, which is React's version of innerHTML. It is used as a prop where you can pass an object with a __html key like so
- That is where dangerouslySetInnerHTML comes into play in React components which enables you to be able to set HTML within JSX elements.
- Using dangerouslySetInnerHTML makes your site vulnerable to cross-site scripting (XSS) attacks, which can cause damage to your site and its users.
- Hence dangerouslySetInnerHTML should be avoided unless absolutely necessary and before dangerouslySetInnerHTML, the HTML input should be sanitized.
- When to use dangerouslySetInnerHTML? dangerouslySetInnerHTML is mostly used in any application where you need to render formatted text in a div element.
- React provides a property called dangerouslySetInnerHTML to insert HTML into the DOM. Learn how to use Reacts dangerouslySetInnerHTML.
- If the HTML inside isn’t trusted (for example, if it’s based on user data), you risk introducing an XSS vulnerability. Read more about using dangerouslySetInnerHTML.
- In class-based components, the dangerouslySetInnerHTML attribute is used to set innerHTML for the page.
- Read more about markup language by checking the detailed article on what is mardown . This is where the React dangerouslySetInnerHTML property comes in.
- To make this work, you’re going to have to use React dangerouslySetInnerHTML. Let’s dive into when to use this property, and how to use it to your advantage.