H
H
hbrmdc2015-08-15 02:31:35
JavaScript
hbrmdc, 2015-08-15 02:31:35

How to safely save and render formatted text in ReactJS SPA?

I need to store, retrieve, render and edit rich text in a ReactJS WebApp.
Instead of a visual editor on the client side, I use the markdown syntax.
According to the ReactJS documentation, using the dangerouslysetinnerhtml method is generally not desirable due to the vulnerability to cross-site scripting (XSS) attacks. I understand that this means that an attacker can inject js code that will be executed when the page is opened.
Is it possible to solve this problem if I store a string with markdown syntax instead of html in the database, and on the client side just convert from markdown to html just before rendering?
If not, what to do with formatting??

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Y
Yuri Yarosh, 2015-08-15
@voidnugget

Can be rendered in the browser or filtered .
No one is stopping you from doing this.
So, most often, custom styles are also completely cut out.
Although, after CSS keyloggers in scrollbars and SVGs, I'm not surprised at all.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question