Get rid of Dangerous HTML injections
<div className="card-title" dangerouslySetInnerHTML={{__html: props.title}}></div>
In many places in the React code, the dangerouslySetInnerHTML attribute is used. This does not seem like good practice. Code search "dangerously"
Problem background
Some of the strings imported from the WP API come pre-formatted in HTML, e.g. page descriptions and sometimes titles.
Discussion questions?
- How shall users update formatted text?
- Do we want to keep this formatting?
- How much variation shall we allow in formatting?
Proposal:
For now, we stick with HTML content in the DB. So this issue becomes mostly sanitizing the HTML before showing it.
Related issues
- #83 (closed) WYSIWYG
- #127 (closed) Translate DB into Markdown
Edited by Daniel
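One way to do the sanitizing step from the proposal, as an added example that is not code from this project: a single-pass allowlist filter that lets a few attribute-free formatting tags through and escapes everything else. The function name `sanitizeHtml` and the contents of `ALLOWED_TAGS` are assumptions; the issue leaves open how much formatting to allow.

```javascript
// Added example, not project code. ALLOWED_TAGS is an assumed answer to
// "How much variation shall we allow in formatting?".
const ALLOWED_TAGS = ["b", "i", "em", "strong", "p", "br", "ul", "ol", "li"];

const ESCAPES = { "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;", "&": "&amp;" };

// One token per match, tried in this order:
//   1. an allowlisted tag with no attributes (opening, closing or self-closing)
//   2. a character that must be escaped: < > " '
//   3. an "&" that does not start a well-formed character reference
const TOKEN = new RegExp(
  `<(/?)(${ALLOWED_TAGS.join("|")})\\s*/?>` +
    `|[<>"']` +
    `|&(?!(?:[a-z][a-z0-9]{1,31}|#[0-9]{1,7}|#x[0-9a-f]{1,6});)`,
  "gi"
);

// Returns HTML in which the only markup left is <tag> or </tag> for tags in
// ALLOWED_TAGS. Tags carrying attributes (onclick, style, href, ...) fail
// closed: they are escaped and shown as text, not passed through.
function sanitizeHtml(dirty) {
  return String(dirty).replace(TOKEN, (match, slash, tag) =>
    tag ? `<${slash}${tag.toLowerCase()}>` : ESCAPES[match]
  );
}

// Constructed sample strings in the style of pre-formatted WP API fields.
const samples = [
  "<b>Hi</b><script>alert(1)</script>",
  '<p onclick="x()">t</p>',
  "Tom &amp; Jerry &#8217; R&D <BR/>",
];
for (const s of samples) {
  console.log(sanitizeHtml(s));
}

// Usage at the call site quoted in the issue (JSX, shown as a comment):
// <div className="card-title"
//      dangerouslySetInnerHTML={{__html: sanitizeHtml(props.title)}}></div>
```

If links or other attributes have to survive, a maintained sanitizer library such as DOMPurify with an explicit tag and attribute allowlist fills the same role.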