42 <Skeleton loading={loading} h="192px">
43 <div
44 // biome-ignore lint: Sanitized by `xss`
45 dangerouslySetInnerHTML={{ __html: payload }}46 className="card bg-secondary h-48 p-4 overflow-y-scroll whitespace-pre-wrap break-all"
47 />
48 </Skeleton>Dangerous properties in React are those whose behavior is known to be a common source of application vulnerabilities. The properties names clearly indicate they are dangerous and should be avoided unless great care is taken.
dangerouslySetInnerHTML is React's replacement for using innerHTML in the browser DOM.
In general, setting HTML from code is risky because it's easy to inadvertently expose your users to a cross-site scripting (XSS) attack.
So, you can set HTML directly from React, but you have to type out dangerouslySetInnerHTML and pass an object with a __html key, to remind yourself that it’s dangerous.
If you want to have dynamic HTML content that is not possible to achieve using regular React code, add a skipcq comment to prevent DeepSource from flagging this issue, along with an explanation.
Bad Practice
import React from 'react';
const Hello = <div dangerouslySetInnerHTML={{ __html: "Hello World" }}></div>;
Recommended
import React from 'react';
const Hello = <div>Hello World</div>;