React's dangerouslySetInnerHTML
cocacrave opened this issue · comments
cocacrave commented
Is it safe to use `draftToHTML` the content inside React using `dangerouslySetInnerHTML` without sanitizing? I'm assuming because there are only limited HTML tags this package supports to convert. Also, how would I sanitize the `draftjs` content to be safe?

Sorry, I asked this on Stack Overflow but no real response yet.
Jyoti Puri commented
Hello @cocacrave,

It is true that `draftToHTML` supports only limited tags. Content generated by `draftjs` does not have HTML tags; they are added by `draftToHTML`.

Sanitizing the HTML generated by `draftToHTML` should, I think, be enough, and you do not need to separately sanitize `draftjs` content.

Hope that answers your query.
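
The question also asks how the Draft.js content itself could be checked. One way, as an added example that is not code from this thread or from the library, is to allowlist entity types and URL schemes in the raw content state before it is converted. The helper name `vetRawContent`, the rules, the `data.url`/`data.src` field names and the sample input are assumptions; the HTML produced afterwards would still be sanitized as discussed above.

```javascript
// Added example, not code from the issue or from the library.
// Assumption: LINK entities keep their target in data.url, IMAGE in data.src.
const RULES = {
  LINK: { field: 'url', schemes: ['http:', 'https:', 'mailto:'] },
  IMAGE: { field: 'src', schemes: ['http:', 'https:'] },
};

// Resolve the value the way a browser would (leading whitespace and case
// are normalised); relative URLs inherit https: from a dummy base.
function schemeOf(value) {
  if (typeof value !== 'string') return null;
  try {
    return new URL(value, 'https://base.invalid/').protocol;
  } catch {
    return null;
  }
}

// Hypothetical helper: drops entities whose type or URL scheme is not
// allowlisted and unlinks them from the blocks, leaving the text intact.
function vetRawContent(raw) {
  const entityMap = {};
  const removed = [];
  for (const [key, entity] of Object.entries(raw.entityMap || {})) {
    const rule = RULES[entity.type];
    const ok = rule && rule.schemes.includes(schemeOf((entity.data || {})[rule.field]));
    if (ok) entityMap[key] = entity;
    else removed.push(key);
  }
  const blocks = (raw.blocks || []).map((block) => ({
    ...block,
    entityRanges: (block.entityRanges || []).filter((r) => String(r.key) in entityMap),
  }));
  return { content: { ...raw, blocks, entityMap }, removed };
}

// Constructed sample input (not taken from the thread).
const sample = {
  blocks: [{ key: 'a1', text: 'docs here pic', type: 'unstyled', depth: 0,
    inlineStyleRanges: [], data: {},
    entityRanges: [{ offset: 0, length: 4, key: 0 }, { offset: 5, length: 4, key: 1 },
      { offset: 10, length: 3, key: 2 }] }],
  entityMap: {
    0: { type: 'LINK', mutability: 'MUTABLE', data: { url: 'https://example.com/docs' } },
    1: { type: 'LINK', mutability: 'MUTABLE', data: { url: ' JaVaScRiPt:void(0)' } },
    2: { type: 'IMAGE', mutability: 'MUTABLE', data: { src: 'data:text/html,x' } },
  },
};
console.log(vetRawContent(sample).removed);
```

Entity types outside `RULES` are removed rather than passed through, so a type the allowlist does not know about cannot reach the converter.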