internetee / registrant_center

Web portal for domain registrants and contacts to get a registrar-independent overview of domains associated with the user. Other features include contact data update and fully automated domain registry lock.

Replace dangerouslySetInnerHTML with a safe property #84

Closed OlegPhenomenon closed 3 years ago

OlegPhenomenon commented 3 years ago
Our design philosophy is that it should be "easy" to make things safe, and developers should explicitly state their intent when performing “unsafe” operations. 
The prop name dangerouslySetInnerHTML is intentionally chosen to be frightening, and the prop value (an object instead of a string) can be used to indicate sanitized data.

This property can pose a threat. The problem may be overstated and, in fact, it will not pose a threat. But I think that, to feel confident, it is worth adding the necessary library, https://github.com/cure53/DOMPurify for example.
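
One way to make the object-valued prop carry the "sanitized" meaning the comment above describes, shown as an added example that is not part of the original issue or the registrant_center code. The names `createMarkupGuard`, `sanitized` and `toProp` are hypothetical, and the sanitizer is injected so that DOMPurify can be wired in at one place in the browser bundle.

```javascript
// Added example. Only objects minted by sanitized() are accepted as the
// value of dangerouslySetInnerHTML; raw strings and hand-built
// { __html } objects are rejected before they reach React.
function createMarkupGuard(sanitize) {
  if (typeof sanitize !== 'function') {
    throw new TypeError('a sanitizer function is required');
  }

  // Membership in this set proves the HTML went through sanitize().
  // Nothing outside this closure can add to it.
  const minted = new WeakSet();

  // Sanitize untrusted HTML and wrap it in the { __html } shape React expects.
  function sanitized(dirty) {
    const clean = String(sanitize(String(dirty ?? '')));
    const markup = Object.freeze({ __html: clean });
    minted.add(markup);
    return markup;
  }

  // Gate in front of the prop: returns the object unchanged when it was
  // minted by sanitized(), throws otherwise.
  function toProp(markup) {
    if (typeof markup !== 'object' || markup === null || !minted.has(markup)) {
      throw new TypeError('unsanitized markup passed to dangerouslySetInnerHTML');
    }
    return markup;
  }

  return { sanitized, toProp };
}

// Browser wiring (assumes `import DOMPurify from 'dompurify'`; the
// variable `userSuppliedHtml` is a placeholder):
//
//   const { sanitized, toProp } = createMarkupGuard(
//     (dirty) => DOMPurify.sanitize(dirty, { USE_PROFILES: { html: true } })
//   );
//   <div dangerouslySetInnerHTML={toProp(sanitized(userSuppliedHtml))} />
```

Keeping every use of the prop behind `toProp` also leaves a single place to review when the sanitizer configuration changes.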