Discover the methods to render an HTML string in the DOM without escaping in a React application.
I encountered an issue where I needed to add an HTML string from a WYSIWYG editor into a React application. However, simply adding {myString}
to the JSX implementation resulted in the HTML tags being displayed to the user.
To solve this problem, I found two potential solutions: one utilizing native functionality and the other requiring a third-party library.
First Solution: Using dangerouslySetInnerHTML
To insert an HTML string into the content of an HTML element, you can utilize the dangerouslySetInnerHTML
attribute:
<div dangerouslySetInnerHTML={{ __html: props.house.description }}></div>
It is important to note that the term “dangerously” is included in the function’s name for a reason. In this case, HTML is not escaped, which opens the possibility for cross-site scripting (XSS) issues. Nonetheless, there are valid use cases for this approach.
Second Solution: Utilizing a 3rd Party Library
Several libraries simplify the implementation of the dangerouslySetInnerHTML
functionality. One such library is react-html-parser
.
Here is the GitHub link for the library: https://github.com/wrakky/react-html-parser
Warning: Please note that, as of the time of writing, this library has not been updated in the past 2 years. While it worked for me, there is a possibility of compatibility issues in the future.
Choosing the Best Approach
Although there are other similar libraries available, I ultimately decided to use the dangerouslySetInnerHTML
method. The name itself serves as a cautionary reminder to accurately whitelist the HTML tags allowed in the user-inputted HTML string.