React.js: Set innerHTML vs dangerouslySetInnerHTML
Question
Is there any "behind the scenes" difference from setting an element's innerHTML vs setting the dangerouslySetInnerHTML property on an element? Assume I'm properly sanitizing things for the sake of simplicity.
Example:
var test = React.createClass({
render: function(){
return (
<div contentEditable='true' dangerouslySetInnerHTML={{ __html: "Hello" }}></div>
);
}
});
vs
var test = React.createClass({
componentDidUpdate: function(prevProp, prevState){
this.refs.test.innerHTML = "Hello";
},
render: function(){
return (
<div contentEditable='true' ref='test'></div>
);
}
});
I'm doing something a bit more complicated than the above example, but the overall idea is the same
5 answers
solution1
310 ACCPTED 2016-05-20 06:35:32
Yes there is a difference!
The immediate effect of using innerHTML versus dangerouslySetInnerHTML is identical -- the DOM node will update with the injected HTML.
However , behind the scenes when you use dangerouslySetInnerHTML it lets React know that the HTML inside of that component is not something it cares about.
Because React uses a virtual DOM, when it goes to compare the diff against the actual DOM, it can straight up bypass checking the children of that node because it knows the HTML is coming from another source . So there's performance gains.
More importantly , if you simply use innerHTML , React has no way to know the DOM node has been modified. The next time the render function is called, React will overwrite the content that was manually injected with what it thinks the correct state of that DOM node should be.
Your solution to use componentDidUpdate to always ensure the content is in sync I believe would work but there might be a flash during each render.
solution2
13 2020-02-04 06:38:52
According to Dangerously Set innerHTML ,
Improper use of the
innerHTMLcan open you up to a cross-site scripting (XSS) attack. Sanitizing user input for display is notoriously error-prone, and failure to properly sanitize is one of the leading causes of web vulnerabilities on the internet.Our design philosophy is that it should be "easy" to make things safe, and developers should explicitly state their intent when performing “unsafe” operations. The prop name
dangerouslySetInnerHTMLis intentionally chosen to be frightening, and the prop value (an object instead of a string) can be used to indicate sanitized data.After fully understanding the security ramifications and properly sanitizing the data, create a new object containing only the key
__htmland your sanitized data as the value. Here is an example using the JSX syntax:
function createMarkup() {
return {
__html: 'First · Second' };
};
<div dangerouslySetInnerHTML={createMarkup()} />
Read more about it using below link:
documentation : React DOM Elements - dangerouslySetInnerHTML .
solution3
13 2020-10-19 23:43:13
可以直接绑定dom
<div dangerouslySetInnerHTML={{__html: '<p>First · Second</p>'}}></div>
solution4
3 2016-05-20 03:43:46
Based on ( dangerouslySetInnerHTML ).
It's a prop that does exactly what you want. However they name it to convey that it should be use with caution
solution5
0 2021-11-07 17:07:02
Yes there is a difference b/w the two: dangerouslySetInnerHTML : React diffing algorithm ( https://reactjs.org/docs/reconciliation.html ) is designed to ignore the HTML nodes modified under this attribute thereby slightly improving the performance . If we use innerHTML, React has no way to know the DOM is modified. The next time the render happens , React will overwrite the content that was manually injected with what it thinks the correct state of that DOM node should be. That's where componentDidUpdate comes to rescue !!
solution6
0 2023-01-17 12:08:02
<div style={{whiteSpace: 'pre-wrap'}}>{data}</div>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.