React, rendering HTML saved from draft-js?
I'm learning React: totally newbie.
If I save to DB the HTML directly from draft.js (or it's variants always based on it) and then in a view page of my React SPA I retrieve HTML from DB through my API:
QUESTIONS:
- how can I render that HTML?
- dangerouslySetInnerHTML? Or maybe one of this (what do you suggest?)?
- I read words like "sanitize", "securing HTML". But how, there is a library?
- I need to secure HTML from draft-js when I save it in DB or after when I'm rendering it?
3.4K+ developers have started their personal blogs on Hashnode in the last one month.
Write in Markdown 路 Publish articles on custom domain 路 Gain readership on day zero 路 Automatic GitHub backup and more
I did the exact same same thing with github.com/wrakky/react-html-parser
Using a Django Rest Framework API - I saved my "page" objects as JSON Fields, so the client could construct the payloads freely. Then the the outgoing payload would just contain a JSON object with key/value and the value was a string of html.
{
"text": "<p>some block of html that is just a string</p>"
}
To my recollection, letting Django handle security was enough - but it was an internal tool so we weren't worried about xss or whatever threat is possible.
Comments (1)