NO_DANGEROUS_HTML
Prevent the unsafe creation of DOM via HTML methods in your application.
Conformance is available on Enterprise plans
Unsafe creation of DOM can be done in a variety of ways:
element.innerHTML
element.outerHTML
DOMParser.parseFromString()
element.insertAdjacentHTML()
srcdoc on iframe elements
dangerouslySetInnerHTML prop in React apps
Using these methods is considered an unsafe coding practice: any string handed to them is parsed as HTML, so untrusted data that reaches them (user input, URL parameters, API responses) can inject markup and scripts, leading to cross-site scripting (XSS).
It is recommended to instead use alternative approaches for HTML construction, such as document.createElement() together with textContent, or, where rich HTML genuinely has to be rendered, to pass the markup through an HTML sanitizer first.
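The following is an added example, not code from the Conformance docs or from React: the same untrusted string rendered once through innerHTML (the pattern this rule flags) and once through createElement/textContent (the recommended alternative). It runs under Node against a constructed, minimal stand-in for the DOM (FakeDocument, FakeNode and the escaping helper are assumptions of this example); in a browser you would use the global document instead.

```javascript
// Added example: innerHTML vs createElement/textContent on untrusted input.
// Runs offline under Node using a constructed stand-in for the DOM.

// Entity-escape text the way the browser does when serializing a text node.
const escapeHtml = (s) =>
  String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");

// Constructed minimal DOM stand-in (assumption: only the members used below).
class FakeNode {
  constructor(tagName) {
    this.tagName = tagName;
    this.childNodes = []; // FakeNode | { text } | { rawHtml }
  }
  appendChild(child) {
    this.childNodes.push(child);
    return child;
  }
  // textContent: the string becomes a single text node and can never be markup.
  set textContent(value) {
    this.childNodes = [{ text: String(value) }];
  }
  // innerHTML: the string is handed to the HTML parser. The stand-in records it
  // as a raw markup node; that parsing step is exactly what makes the sink unsafe.
  set innerHTML(html) {
    this.childNodes = [{ rawHtml: String(html) }];
  }
  // Serialize like reading innerHTML back: text is escaped, markup stays markup.
  serialize() {
    const inner = this.childNodes
      .map((c) =>
        c instanceof FakeNode ? c.serialize() : "text" in c ? escapeHtml(c.text) : c.rawHtml
      )
      .join("");
    return `<${this.tagName}>${inner}</${this.tagName}>`;
  }
}
class FakeDocument {
  createElement(tagName) {
    return new FakeNode(tagName);
  }
  createTextNode(text) {
    return { text: String(text) };
  }
}

// Constructed untrusted input, e.g. a display name taken from a request body.
const UNTRUSTED = '<img src=x onerror="alert(document.cookie)">';

// Flagged by NO_DANGEROUS_HTML: untrusted data is interpolated into markup
// and then parsed as HTML, so the <img onerror> payload becomes a live element.
function renderUnsafe(doc, untrusted) {
  const card = doc.createElement("div");
  card.innerHTML = `<p>Hello, ${untrusted}</p>`;
  return card;
}

// Recommended: build the tree explicitly. The untrusted value only ever
// becomes a text node, whatever characters it contains.
function renderSafe(doc, untrusted) {
  const card = doc.createElement("div");
  const p = card.appendChild(doc.createElement("p"));
  p.appendChild(doc.createTextNode("Hello, "));
  const name = p.appendChild(doc.createElement("span"));
  name.textContent = untrusted;
  return card;
}

// Did the payload end up as an element (true) or as inert text (false)?
function payloadBecameMarkup(node) {
  return /<img\b/i.test(node.serialize());
}

function demo() {
  const doc = new FakeDocument();
  return {
    unsafe: renderUnsafe(doc, UNTRUSTED).serialize(),
    safe: renderSafe(doc, UNTRUSTED).serialize(),
  };
}

console.log(demo());
```

The same distinction applies in React: rendering `{name}` in JSX produces a text node, while `dangerouslySetInnerHTML={{ __html: name }}` hands the string to the HTML parser. If rich HTML really has to be displayed, run it through a sanitizer such as DOMPurify (`DOMPurify.sanitize(html)`) before it reaches any of the sinks listed above.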
Last updated on July 23, 2024