Dangerous properties in React are those whose behavior is known to be a common source of application vulnerabilities. The properties names clearly indicate they are dangerous and should be avoided unless great care is taken.
See https://facebook.github.io/react/tips/dangerously-set-inner-html.html
Examples of incorrect code for this rule:
var React = require('react');
var Hello = <div dangerouslySetInnerHTML={{ __html: "Hello World" }}></div>;
Examples of correct code for this rule:
var React = require('react');
var Hello = <div>Hello World</div>;
...
"react/no-danger": [<enabled>, {
"customComponentNames": Array<string>,
}]
...
Defaults to []
, if you want to enable this rule for all custom components you can pass customComponentNames
as ['*']
, or else you can pass specific components name to the array.
If you are certain the content passed to dangerouslySetInnerHTML is sanitized HTML you can disable this rule.