Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Implement HTML Entity Decode in react.js

I am outputting the text using API from the server, and I have an admin which has the html fields for facilitating filling the content. The issue in here that now the text displaying with html codes. How I can get rid of that undeeded html codes. I guess I have to use html entity decode? How I will implement that in react project? Below you see that the text illustrates not only text and html code.

enter image description here

  export  class FullInfoMedia extends React.Component {
    render() {
        const renderHTML = (escapedHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: escapedHTML } });

        return (
            <div>
                <div className="about-title">
                    <div className="container">
                        <div className="row">
                            <img className="center-block" src={this.props.about.image}/>

                            <h2>{this.props.about.title}</h2>
                            {renderHTML(<p>{this.props.about.body}</p>)} 
                        </div>
                    </div>
                </div>
            </div>
        );
    }
}
like image 765
Feruza Avatar asked Feb 21 '17 08:02

Feruza


3 Answers

You can use dangerouslySetInnerHTML, but be sure you render only your input, not users. It can be great way to XSS.

Example of using:

const renderHTML = (rawHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: rawHTML } });

And then in a component:

{renderHTML("<p>&amp;nbsp;</p>")}
like image 105
Marek Dorda Avatar answered Sep 21 '22 20:09

Marek Dorda


Even though you can use dangerouslySetInnerHTML it's not really a good practice, and as stated by Marek Dorda it's a great thing for making your app XSS vulnerable.

A better solution would be to use the he library. https://github.com/mathiasbynens/he

This would be an example of how would your component look with it.

import he from 'he'

export class FullInfoMedia extends React.Component {
    render() {
        const renderHTML = (escapedHTML: string) => React.createElement("div", { dangerouslySetInnerHTML: { __html: escapedHTML } });

        return (
            <div>
                <div className="about-title">
                    <div className="container">
                        <div className="row">
                            <img className="center-block" src={this.props.about.image}/>
                            <h2>{this.props.about.title}</h2>
                            { he.decode(this.props.about.body) }
                        </div>
                    </div>
                </div>
            </div>
        );
    }
}

Also, if it were my codebase, I would most likely move the decoding to the API call, and in the component just consume the value that comes from the store

like image 31
Alejandro Vales Avatar answered Sep 18 '22 20:09

Alejandro Vales


You can simply try this, it decodes text and then display.

<p dangerouslySetInnerHTML={{__html:"&amp;nbsp;"}}/>
like image 36
ravi Avatar answered Sep 22 '22 20:09

ravi