简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Web Front-end  >  HTML escaping in React

HTML escaping in React

小云云
小云云Original
2017-12-06 14:17:395423browse

To output fixed content in JSX, directly use UTF-8 characters {code...}, use HTML escape characters {code...} or decimal escape characters {code...} Escape of dynamic content, but if you add a layer of curly brackets outside, in order to prevent XSS from escaping the escaped character entities again, in this article we will share with you the HTML escaping method in React.

  1. Use UTF-8 characters directly 

    <p>版权 ©</p>

  2. Use HTML escape characters

    <p>版权 &copy;</p>

    or Decimal escape characters

    <p>版权 &#169;</p>

Escape of dynamic content

But if you add a layer of curly brackets outside, react will use the escaped characters to prevent xss Character entities are escaped again

React will escape all strings to be displayed to the DOM to prevent XSS. Therefore, if JSX contains escaped entity characters, such as © (©), it will not be displayed correctly in the final DOM because React automatically escapes the special characters in ©. 

<p>{'版权 &#169;'}</p>

Error output

版权 &#169;

Correct writing:

  1. Using UTF-8 characters directly can still output correctly

    <p>{'版权 ©'}</p>

  2. The safe way is to use the corresponding Unicode code

    <p>{'版权 \u00a9'}</p>

  3. Use fromCharCode

    <p>{'版权 ' + String.fromCharCode(169)}</p>

  4. Use array assembly

    <p>{['版权 ', <span>&#169;</span>]}</p>

  5. Use dangerouslySetInnerHTML to avoid React escape characters

    <p dangerouslySetInnerHTML={{ __html: &#39;版权 &#169;&#39; }} />

Reference

  1. JSX Gotchas

  2. Deep into the react technology stack


Output fixed content in JSX

  1. Use UTF-8 characters directly

    <p>版权 ©</p>

  2. Use HTML escape characters

    <p>版权 &copy;</p>

    or decimal escape characters

    <p>版权 &#169;</p>

Escape of dynamic content


But if you add a layer of braces outside, react will escape the escaped character entity again in order to prevent xss

React will escape all strings to be displayed in the DOM to prevent XSS. Therefore, if JSX contains escaped entity characters, such as © (©), it will not be displayed correctly in the final DOM because React automatically escapes the special characters in ©. 

<p>{'版权 &#169;'}</p>

Error output

版权 &#169;

Correct writing:

  1. Using UTF-8 characters directly can still output correctly

    <p>{'版权 ©'}</p>

  2. The safe way is to use the corresponding Unicode code

    <p>{'版权 \u00a9'}</p>

  3. Use fromCharCode

    <p>{'版权 ' + String.fromCharCode(169)}</p>

  4. Use array assembly

    <p>{['版权 ', <span>&#169;</span>]}</p>

  5. Use dangerouslySetInnerHTML to avoid React escape characters

    <p dangerouslySetInnerHTML={{ __html: &#39;版权 &#169;&#39; }} />

The above content is the HTML escape writing method in React, I hope it can help everyone.

Related recommendations:

What are the ways to write components in React

The difference between setState in React and Preact

React event system knowledge

The above is the detailed content of HTML escaping in React. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:HTML page jump and parameter passing issuesNext article:HTML page jump and parameter passing issues

Related articles

See more