Rules Hub
Coding Rules Library
Frontend rule · Priority: P0 · Stack specific · Stack: react
Tags: react, security, xss, jsx
Do not use dangerouslySetInnerHTML when rendering plain children works
Render text/content as normal JSX children instead of dangerouslySetInnerHTML, which opens an XSS hole and is unnecessary for non-HTML strings.
PR: hegnar-web · org-mining-hist-2026-06 · Created: Jun 19, 2026
Bad example

Old code (tsx):

```tsx
<div
  className="description"
  dangerouslySetInnerHTML={{ __html: `<span>${props.description}</span>` }}
/>
```
Good example

New code (tsx):

```tsx
<div className="description">
  <span>{props.description}</span>
</div>
```
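To make the difference between the two snippets concrete, here is an added example (not part of the rules library or the hegnar-web PR) that models the markup each one produces and includes a small review check for the banned pattern. It assumes React escapes text children as its escapeTextForBrowser routine does (`&`, `<`, `>`, `"`, `'` become entities); the escaper below is a stand-in for React, not React itself, and the sample description is constructed.

```javascript
// Entities React emits for markup-significant characters in a text child.
// Assumption: this mirrors React's escapeTextForBrowser; it is not React code.
const ENTITY = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };

// What React does with a string placed as a JSX child ({props.description}):
// every markup-significant character becomes an entity, so the browser
// displays it as text and never parses it as a tag or attribute.
function escapeTextChild(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Old code: the description is spliced into an HTML string and handed to
// dangerouslySetInnerHTML, so any tags inside it are parsed as live markup.
function renderOld(description) {
  return `<div class="description"><span>${description}</span></div>`;
}

// New code: <span>{props.description}</span>; React escapes the child for us.
function renderNew(description) {
  return `<div class="description"><span>${escapeTextChild(description)}</span></div>`;
}

// Constructed sample: a user-controlled description carrying an event handler.
const SAMPLE = 'Tom & Jerry <img src=x onerror="alert(1)">';

// True when the rendered markup still contains a live <img> tag, i.e. the
// description was interpreted as HTML rather than shown as text.
function containsLiveTag(html) {
  return /<img\b/i.test(html);
}

// Lightweight review check for this rule: flag dangerouslySetInnerHTML whose
// __html is assembled from a template literal with ${...} or from string
// concatenation. A heuristic for PR review, not a full parser.
const DANGEROUS_INTERPOLATION = /dangerouslySetInnerHTML=\{\{\s*__html:\s*(`[^`]*\$\{|[^}]*\+)/;
function flagsRule(tsxSource) {
  return DANGEROUS_INTERPOLATION.test(tsxSource);
}

console.log("old:", renderOld(SAMPLE)); // tag survives, onerror would fire
console.log("new:", renderNew(SAMPLE)); // tag is escaped, shown as text
```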