XSS
jedifa, 2021-09-06 16:50:37

Does the DOMPurify library help prevent XSS attacks when using dangerouslySetInnerHTML?

Please tell me: suppose, for example, HTML code comes from the server and needs to be rendered in React with dangerouslySetInnerHTML:

<div dangerouslySetInnerHTML={{__html: html /* HTML that came from the server */}} />

But, as the React documentation says, dangerouslySetInnerHTML is dangerous because there may be an XSS attack. I found a video on YouTube about how to do this safely, and the DOMPurify library is used there:

<div dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(html /* HTML that came from the server */)}} />

The question is: does this library completely prevent XSS attacks, or is this still unsafe?


1 answer(s)
Daniel Chistyakov, 2021-09-06
@jedifa

"DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG".
It was created to prevent XSS attacks related to inserting HTML directly.
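
Added example, not part of the thread above and not DOMPurify's or React's own code: a small wrapper that sanitizes server HTML right at the dangerouslySetInnerHTML sink with a restrictive allow-list, and renders nothing if the sanitizer cannot run. The names `makeSafeHtml`, `STRICT_CONFIG` and `SafeHtml` are hypothetical, and the tag and attribute lists are assumptions to adapt to the content you expect.

```javascript
// Added example. makeSafeHtml, STRICT_CONFIG and SafeHtml are hypothetical names.

// Allow-list only what the server content is expected to contain.
// ALLOWED_TAGS and ALLOWED_ATTR are DOMPurify options; anything not listed
// is removed. The lists below are an assumption, not a recommendation.
const STRICT_CONFIG = Object.freeze({
  ALLOWED_TAGS: ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a', 'code', 'pre'],
  ALLOWED_ATTR: ['href', 'title'],
});

// The DOMPurify instance is passed in, so the same wrapper can be used in the
// browser and, with an instance created over a jsdom window, on the server.
function makeSafeHtml(purify, config = STRICT_CONFIG) {
  return function safeHtml(dirty) {
    // Without a usable DOM, DOMPurify reports isSupported === false and does
    // not sanitize. Fail closed: render nothing rather than raw markup.
    const usable =
      purify && purify.isSupported === true && typeof purify.sanitize === 'function';
    if (!usable || typeof dirty !== 'string') {
      return { __html: '' };
    }
    // Sanitize as the last step before the sink. Do not concatenate or edit
    // the string afterwards, or the result is no longer what was sanitized.
    return { __html: String(purify.sanitize(dirty, config)) };
  };
}

// Usage in a component (assumes `import DOMPurify from 'dompurify'`):
//   const safeHtml = makeSafeHtml(DOMPurify);
//   const SafeHtml = ({ html }) => <div dangerouslySetInnerHTML={safeHtml(html)} />;
```

The wrapper covers only this one sink; values placed into other props, such as a user-supplied `href`, need their own validation, and the DOMPurify dependency has to be kept up to date.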
