NO_DANGEROUS_HTML
Prevent the unsafe creation of DOM via HTML methods in your application.
Conformance is available on Enterprise plans.
Unsafe creation of DOM can be done in a variety of ways:
element.innerHTML
element.outerHTML
DOMParser.parseFromString()
element.insertAdjacentHTML()
srcdoc on iframe elements
dangerouslySetInnerHTML prop in React apps
Usage of these methods is deemed an unsafe coding practice because any untrusted content they receive is parsed as live HTML, which can introduce security vulnerabilities.
It is recommended to instead use alternative approaches for HTML construction, such as document.createElement() or an HTML sanitizer.
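The following is an added example (not part of this rule's documentation or of any project code) that shows the same "render a user comment" task written with the flagged innerHTML pattern and with the recommended document.createElement() pattern. The function names renderUnsafe and renderSafe, the doc parameter and the sample comment are assumptions made for the example.

```javascript
// Added example: the pattern NO_DANGEROUS_HTML flags next to the
// document.createElement() alternative it recommends.
// `doc` is the Document to render into (pass the real `document` in a browser).

// Flagged pattern: untrusted text is concatenated into markup and handed to
// innerHTML, so any tags or attributes inside `comment` become live DOM nodes.
function renderUnsafe(container, author, comment) {
  container.innerHTML = `<p class="comment"><b>${author}</b>: ${comment}</p>`;
  return container;
}

// Recommended pattern: build the structure with createElement() and place the
// untrusted strings in text nodes, which never go through the HTML parser.
function renderSafe(doc, container, author, comment) {
  const p = doc.createElement("p");
  p.className = "comment";
  const b = doc.createElement("b");
  b.textContent = author;            // rendered as literal text, not markup
  p.appendChild(b);
  p.appendChild(doc.createTextNode(": " + comment));
  container.replaceChildren(p);      // same visual result as the unsafe version
  return container;
}

// Constructed sample input: a comment that happens to contain markup.
const SAMPLE_COMMENT = 'great post <img src="x">';

if (typeof document !== "undefined") {
  // In a browser, renderUnsafe would create a real <img> element from the
  // comment; renderSafe shows the text '<img src="x">' literally instead.
  renderSafe(document, document.body, "eve", SAMPLE_COMMENT);
}
```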
Last updated on March 4, 2025