vivaxy / react-text-more-less

📃React component to show more text or show less
https://github.com/vivaxy/react-text-more-less
MIT License

Risk of XSS attacks due to innerHTML #82

Open tabrez96 opened 3 years ago

tabrez96 commented 3 years ago

Here we set the content to innerHTML and this is prone to XSS attacks. Any alternatives for this?

vivaxy commented 3 years ago

Thanks for the reminder.

The solutions:

  1. From user side: I think we can wrap the text prop in some xss modules like xss.
  2. From module side: Is there some way to sanitize the text prop as react does? Before we find a proper solution, I'll update the document to mention the XSS risk.
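
An added example, not part of the thread and not the project's code: escaping a text prop before it reaches `innerHTML`, using the same five-character escaping React applies to string children. The function names and the truncation step are hypothetical stand-ins for a show-more/show-less component.

```javascript
// Added example: escape-then-assign for a component that writes a text
// prop through innerHTML. Names here are hypothetical, not the project's API.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
};

// The same five characters React escapes when it renders a string child.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Truncate the raw text first, then escape. Escaping first and cutting
// afterwards could split an entity such as "&amp;" in the middle.
function safeTruncatedHtml(text, maxChars, ellipsis = '...') {
  const raw = String(text);
  const chars = Array.from(raw); // code points, so surrogate pairs stay whole
  if (chars.length <= maxChars) return escapeHtml(raw);
  return escapeHtml(chars.slice(0, maxChars).join('')) + escapeHtml(ellipsis);
}

// Constructed sample input: markup that would be parsed as HTML if it
// were assigned to innerHTML unescaped.
const untrusted = 'Tom & Jerry <img src=x onerror=alert(1)> said "hi"';

console.log(safeTruncatedHtml(untrusted, 100)); // full text, inert
console.log(safeTruncatedHtml(untrusted, 5));   // collapsed view, inert
```

Where the component does not need to render markup at all, assigning the string to `textContent` instead of `innerHTML` avoids HTML parsing entirely.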