19

I am outputting the text using API from the server, and I have an admin which has the html fields for facilitating filling the content. The issue in here that now the text displaying with html codes. How I can get rid of that undeeded html codes. I guess I have to use html entity decode? How I will implement that in react project? Below you see that the text illustrates not only text and html code.

enter image description here

  export  class FullInfoMedia extends React.Component {
    render() {
        const renderHTML = (escapedHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: escapedHTML } });

        return (
            <div>
                <div className="about-title">
                    <div className="container">
                        <div className="row">
                            <img className="center-block" src={this.props.about.image}/>

                            <h2>{this.props.about.title}</h2>
                            {renderHTML(<p>{this.props.about.body}</p>)} 
                        </div>
                    </div>
                </div>
            </div>
        );
    }
}
Improve this question
1
  • use dangerouslySetInnerHTML Commented Feb 21, 2017 at 8:03

3 Answers 3

Reset to default
32

You can use dangerouslySetInnerHTML, but be sure you render only your input, not users. It can be great way to XSS.

Example of using:

const renderHTML = (rawHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: rawHTML } });

And then in a component:

{renderHTML("<p>&amp;nbsp;</p>")}
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

so, for example the code should look like that the code in above. I just added, pls could u review
but now it renders only word "[object Object]"
Input to the renderHTML function has to be string, not an object. You are calling <p>...</p>, but you need to call "<p>...</p>" (with quotes).
for me worked this code dangerouslySetInnerHTML={{__html: this.props.about.body}}
I suppose your this.props.about.bodyis string, so simply {renderHTML(this.props.about.body)} is what you should use. If your props is not a string, you need to convert it.
|
11

Even though you can use dangerouslySetInnerHTML it's not really a good practice, and as stated by Marek Dorda it's a great thing for making your app XSS vulnerable.

A better solution would be to use the he library. https://github.com/mathiasbynens/he

This would be an example of how would your component look with it.

import he from 'he'

export class FullInfoMedia extends React.Component {
    render() {
        const renderHTML = (escapedHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: escapedHTML } });

        return (
            <div>
                <div className="about-title">
                    <div className="container">
                        <div className="row">
                            <img className="center-block" src={this.props.about.image}/>
                            <h2>{this.props.about.title}</h2>
                            { he.decode(this.props.about.body) }
                        </div>
                    </div>
                </div>
            </div>
        );
    }
}

Also, if it were my codebase, I would most likely move the decoding to the API call, and in the component just consume the value that comes from the store

Improve this answer

Comments

4

You can simply try this, it decodes text and then display.

<p dangerouslySetInnerHTML={{__html:"&amp;nbsp;"}}/>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.