Input sanitization in ReactJS

reactjs xss sanitization input-sanitization
Shamnad P S picture Shamnad P S · Apr 24, 2017 · Viewed 16.2k times · Source

I am using ReactJS do develop a simple chat application. Could someone help me to sanitize the input . There is only one input text box to send chat messages. How to sanitize it?. 

<input type="text"
              className="chat"
              value={this.state.name}
            />

Based on the documentations HTML escapes html by default. Is it enough?. Do I need to add any other sanitization methods. If yes, please let me know how to do that?.

Answer

dgrijuela picture dgrijuela · Apr 24, 2017

It's sanitized by default, you don't need a sanitization method unless you are using dangerouslySetInnerHTML which is not the case.

Related questions

What does it mean when they say React is XSS protected?

I read this on the React tutorial. What does this mean? React is safe. We are not generating HTML strings so XSS protection is the default. How do XSS attacks work if React is safe? How is this safety achieved?

Read More
Can you force a React component to rerender without calling setState?

I have an external (to the component), observable object that I want to listen for changes on. When the object is updated it emits change events, and then I want to rerender the component when any change is detected. With …

Read More
Loop inside React JSX

I'm trying to do something like the following in React JSX (where ObjectRow is a separate component): <tbody> for (var i=0; i < numrows; i++) { <ObjectRow/> } </tbody> I realize and understand why this isn't …

Read More