high | security
Dangerous HTML Injection (XSS)
Detects usage of dangerouslySetInnerHTML which can lead to Cross-Site Scripting attacks.
Why This Is Bad
This prop tells React to insert a raw HTML string into the DOM without escaping it. If that string contains attacker-controlled content, an attacker can inject malicious scripts into your website. This is called Cross-Site Scripting (XSS).
How To Fix
Use a sanitization library like DOMPurify:
```typescript
// Install: npm install dompurify @types/dompurify
import DOMPurify from 'dompurify';

// Before (DANGEROUS): userContent is inserted into the DOM unescaped
<div dangerouslySetInnerHTML={{ __html: userContent }} />

// After (SAFE): DOMPurify strips scripts and event handlers before insertion
<div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(userContent) }} />
```
When You Pass This Check
Perfect! No dangerous HTML injection points found.
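The following is an added example, not code from the original page or from its scanner: a small heuristic check in the spirit of this rule. It walks a JSX/TSX source string line by line, finds every `dangerouslySetInnerHTML={{ __html: ... }}` and reports whether the injected expression is a direct `DOMPurify.sanitize(...)` call. The sample component, the function names and the "direct call only" rule are assumptions made for the example; the check is regex-based rather than a real parser, so it is a triage aid, not a proof of safety.

```javascript
// Added example (not the page's or the scanner's own code): a heuristic
// scan for dangerouslySetInnerHTML sinks in JSX/TSX source text.

// Matches dangerouslySetInnerHTML={{ __html: <expr> }} and captures <expr>.
// Regex-based, so expressions containing '}' are not handled (assumption).
const DANGEROUS_RE =
  /dangerouslySetInnerHTML\s*=\s*\{\s*\{\s*__html\s*:\s*([^}]+?)\s*\}\s*\}/g;

// Assumption: a value counts as sanitized only when the expression itself is
// a direct DOMPurify.sanitize(...) call. Wrapper helpers are flagged for
// manual review rather than trusted.
const SANITIZED_RE = /^DOMPurify\.sanitize\s*\(/;

// Returns one finding per sink: { line, expr, sanitized }.
function findDangerousHtml(source) {
  const findings = [];
  source.split("\n").forEach((text, idx) => {
    for (const match of text.matchAll(DANGEROUS_RE)) {
      const expr = match[1].trim();
      findings.push({
        line: idx + 1,
        expr,
        sanitized: SANITIZED_RE.test(expr),
      });
    }
  });
  return findings;
}

// Only unsanitized sinks fail the check.
function unsanitizedSinks(source) {
  return findDangerousHtml(source).filter((f) => !f.sanitized);
}

// Renders the check result the way a CI step would print it.
function report(source) {
  const bad = unsanitizedSinks(source);
  return bad.length === 0
    ? "Perfect! No dangerous HTML injection points found."
    : bad.map((f) => `line ${f.line}: unsanitized __html: ${f.expr}`).join("\n");
}

// Constructed sample component for demonstration (not real project code).
const SAMPLE_TSX = `
import DOMPurify from 'dompurify';

export function Comment({ body, bio }: { body: string; bio: string }) {
  return (
    <article>
      <div dangerouslySetInnerHTML={{ __html: body }} />
      <p dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(bio) }} />
      <span>{body}</span>
    </article>
  );
}
`;

console.log(report(SAMPLE_TSX));
// prints: line 7: unsanitized __html: body
```

The `<span>{body}</span>` line is deliberately not reported: React escapes interpolated text, so only the `__html` path is a sink. Treating anything other than a direct `DOMPurify.sanitize(...)` call as unsanitized errs on the side of review, which is the right default for a lint rule since a custom wrapper may or may not sanitize correctly.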
Check If Your Repo Has This Issue
Our free scanner will detect this and 17 other common issues in your codebase.