@uxcitizen noticed that there are several spots in this plugin using React's dangerouslySetInnerHTML.
https://github.com/Automattic/liveblog/search?q=dangerouslysetinnerhtml&unscoped_q=dangerouslysetinnerhtml
How many of those can we get rid of with refactoring?
Obviously some places are showing pre-rendered HTML from the server. In those cases, we should be sanitizing the HTML to strip out any unexpected or disallowed tags and attributes before passing it to dangerouslySetInnerHTML to reduce the potential for abuse.
Ideally we have 0 of these calls, but for the ones we can't get away from, we should be sure everything is sanitized as far as possible.
@uxcitizen noticed that there are several spots in this plugin using React's
dangerouslySetInnerHTML.https://github.com/Automattic/liveblog/search?q=dangerouslysetinnerhtml&unscoped_q=dangerouslysetinnerhtml
How many of those can we get rid of with refactoring?
Obviously some places are showing pre-rendered HTML from the server. In those cases, we should be sanitizing the HTML to strip out any unexpected or disallowed tags and attributes before passing it to
dangerouslySetInnerHTMLto reduce the potential for abuse.Ideally we have 0 of these calls, but for the ones we can't get away from, we should be sure everything is sanitized as far as possible.