Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Angular
- Aws-cdk
- Lang
- Nestjs
- Nextjs
- React
- Best practice
- Portability
- React-create-element-dangerouslysetinnerhtml-prop
- React-create-element-dangerouslysetinnerhtml-url
- React-create-element-href-prop
- React-create-element-href-url
- React-dangerouslysetinnerhtml-prop
- React-dangerouslysetinnerhtml-url
- React-href-prop
- React-href-url
- React-refs-prop
- React-refs-url
- Security
- Security
- Typescript
- Yaml
React-create-element-dangerouslysetinnerhtml-url
React create element dangerouslysetinnerhtml url
Untrusted input could be used to tamper with a web page rendering, which can lead to a Cross-site scripting (XSS) vulnerability. XSS vulnerabilities occur when untrusted input executes malicious JavaScript code, leading to issues such as account compromise and sensitive information leakage. Validate the user input, perform contextual output encoding, or sanitize the input. If you have to use dangerouslySetInnerHTML, consider using a sanitization library such as DOMPurify to sanitize the HTML within.
Likelihood: HIGH
Confidence: HIGH
CWE:
- CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
OWASP:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection