I'm learning React: total newbie.
If I save to DB the HTML directly from draft.js (or its variants always based on it) and then in a view page of my React SPA I retrieve HTML from DB through my API:
QUESTIONS:
- how can I render that HTML?
- dangerouslySetInnerHTML? Or maybe one of these (what do you suggest?)?
- I read words like "sanitize", "securing HTML". But how? Is there a library?
- Do I need to secure HTML from draft-js when I save it in DB, or afterwards when I'm rendering it?
Jake Foraker
I did the exact same thing with github.com/wrakky/react-html-parser
Using a Django Rest Framework API - I saved my "page" objects as JSON Fields, so the client could construct the payloads freely. Then the outgoing payload would just contain a JSON object with key/value and the value was a string of html.
{ "text": "<p>some block of html that is just a string</p>" }
To my recollection, letting Django handle security was enough - but it was an internal tool so we weren't worried about XSS or whatever threat is possible.
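Added example, not part of the thread: a React view that fetches the stored HTML and passes it through DOMPurify with an explicit tag and attribute allowlist immediately before handing it to dangerouslySetInnerHTML. It assumes the `react` and `dompurify` npm packages; the route `/api/pages/:id`, the component name `PageView` and the helper `sanitizeEditorHtml` are hypothetical, and the `{ "text": ... }` payload shape is the one shown in the answer above.

```jsx
// Added example: assumes the `react` and `dompurify` npm packages and a
// hypothetical route GET /api/pages/:id that returns { "text": "<p>...</p>" }.
import { useEffect, useMemo, useState } from "react";
import DOMPurify from "dompurify";

// Allowlist sized for rich-text editor output. Any tag or attribute not
// listed here (script, iframe, style, on* handlers, ...) is removed.
const SANITIZE_OPTIONS = {
  ALLOWED_TAGS: ["p", "br", "strong", "em", "u", "s", "h1", "h2", "h3",
                 "ul", "ol", "li", "blockquote", "pre", "code", "a"],
  ALLOWED_ATTR: ["href", "title"],
};

// Sanitize right before the string reaches the DOM, so rows written by an
// older client or by another service are filtered as well.
export function sanitizeEditorHtml(dirty) {
  return DOMPurify.sanitize(String(dirty ?? ""), SANITIZE_OPTIONS);
}

export function PageView({ pageId }) {
  const [html, setHtml] = useState("");
  const [error, setError] = useState(null);

  useEffect(() => {
    let cancelled = false; // ignore a response that arrives after unmount
    fetch(`/api/pages/${encodeURIComponent(pageId)}`)
      .then((res) => {
        if (!res.ok) throw new Error(`HTTP ${res.status}`);
        return res.json();
      })
      .then((body) => { if (!cancelled) setHtml(body.text); })
      .catch((err) => { if (!cancelled) setError(err.message); });
    return () => { cancelled = true; };
  }, [pageId]);

  // Re-sanitize only when the fetched HTML changes.
  const clean = useMemo(() => sanitizeEditorHtml(html), [html]);

  // `error` is rendered as a text node, which React escapes.
  if (error) return <p role="alert">Could not load page: {error}</p>;
  return <div className="page-body" dangerouslySetInnerHTML={{ __html: clean }} />;
}
```

The same allowlist can also be applied on the server when the HTML is saved; keeping the render-time pass means the view does not depend on every writer having sanitized correctly.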