Comments (6)
Is there any reason to specifically encode these characters?
from react.
@1aron
It seems to me that the best way to balance security and correctness in React is to use alternative styling methods, such as classes or inline styles, instead of CSS selectors that depend on attribute values. This avoids potential security issues associated with code injection, while at the same time providing more reliable and predictable style behavior.
from react.
It seems that you have a problem with character encoding when using `renderToString` in React v18.1.0. It automatically encodes special characters such as `>` in their HTML texts, which leads to incorrect configuration of CSS elements in your case.
This may be an undesirable change, perhaps if you use special characters in the class for styles or CSS selectors. Your class `mt:0>section` should not be automated in the `mt:0>section`, as this may lead to an irreversible change in the structure.
You can address this issue by using `dangerouslySetInnerHTML` to output unescaped HTML characters:
```jsx
import React from 'react';
import { renderToString } from 'react-dom/server';

export default function App() {
  // Use dangerouslySetInnerHTML to output unescaped HTML characters
  const htmlString = renderToString(
    <div dangerouslySetInnerHTML={{ __html: '<div class="mt:0>div"></div>' }}></div>
  );
  return <div dangerouslySetInnerHTML={{ __html: htmlString }}></div>;
}
```
from react.
@Janelaxagh I understand that `escapeHTML` somehow prevents XSS, but does it seem legal to write decoded characters in attribute values? Sometimes, we will select the target element through the CSS attribute selector. Still, when the attribute value of the target element is encoded or decoded, the CSS rules that can be selected normally will become invalid.
I don't know how React balances correctness and safety.
from react.
@Janelaxagh Thank you for your careful reply. I just discovered that we only need to decode the class name when getting it to keep the CSS selection consistent.
master-co/css@13e07c7#diff-4645721ad298aa15015081e24138aa708929aac26a0ad325b31735c8b04c7f1c
from react.
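The approach described in the comment above (leave the server-side escaping on, and decode the class name when reading it back out of the markup), as an added example that is not code from this thread, from React, or from master-co/css. The five-character escape map is an assumed stand-in for the renderer's attribute escaping, and `escapeAttr`, `decodeAttr`, `classNamesFromMarkup` and `cssClassSelector` are hypothetical names.

```javascript
// Stand-in for the escaping a server renderer applies to attribute values.
// Assumption: these five characters are escaped; this is not React's source.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const UNESCAPES = Object.fromEntries(Object.entries(ESCAPES).map(([c, e]) => [e, c]));

function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Single pass: each entity is decoded once, so "&amp;gt;" becomes "&gt;", not ">".
function decodeAttr(value) {
  return value.replace(/&(?:amp|lt|gt|quot|#x27);/g, (e) => UNESCAPES[e]);
}

// Hypothetical helper: collect class names from a server-rendered HTML string,
// decoding each class attribute the way a browser's HTML parser would.
function classNamesFromMarkup(html) {
  const names = new Set();
  for (const [, raw] of html.matchAll(/\sclass="([^"]*)"/g)) {
    for (const name of decodeAttr(raw).split(/\s+/).filter(Boolean)) names.add(name);
  }
  return [...names];
}

// Escape a class name for use in a CSS selector. Covers names that do not
// start with a digit or hyphen; a subset of what CSS.escape handles.
function cssClassSelector(name) {
  return '.' + name.replace(/[^a-zA-Z0-9_-]/gu, (c) => '\\' + c);
}

// Constructed sample markup, as an escaping server render would emit it.
const markup = `<div class="${escapeAttr('mt:0>section p:8')}"></div>`;
// Constructed value containing a quote: escaping keeps it inside the attribute,
// which is the protection that unescaped output gives up.
const quoted = `<div class="${escapeAttr('x" data-injected="1')}"></div>`;

console.log(markup);
console.log(classNamesFromMarkup(markup).map(cssClassSelector));
console.log(quoted);
```

The escaped `&gt;` exists only in the serialized HTML; after parsing, the DOM attribute holds `mt:0>section`, so selectors written against the decoded name match without turning escaping off.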
@1aron
It's great that you found a solution! This is a great find and will definitely make working with CSS fetching easier.
from react.