
Commit 7077c5e

committed
Merge pull request facebook#4931 from bspaulding/safe-taint-docs
Extracted "safe taint" in docs/homepage to align with best practice (cherry picked from commit 0656811)
1 parent 217c54d commit 7077c5e


2 files changed

+10
-5
lines changed


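--- a/docs/_js/examples/markdown.js
+++ b/docs/_js/examples/markdown.js
@@ -6,6 +6,9 @@ var MarkdownEditor = React.createClass({
 handleChange: function() {
 this.setState({value: React.findDOMNode(this.refs.textarea).value});
 },
+rawMarkup: function() {
+return { __html: marked(this.state.value, {sanitize: true}) };
+},
 render: function() {
 return (
 <div className="MarkdownEditor">
@@ -17,9 +20,7 @@ var MarkdownEditor = React.createClass({
 <h3>Output</h3>
 <div
 className="content"
-dangerouslySetInnerHTML={{
-__html: marked(this.state.value, {sanitize: true})
-}}
+dangerouslySetInnerHTML={this.rawMarkup()}
 />
 </div>
 );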
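Review bot: The new `rawMarkup` method in the first hunk is now the single place that produces `__html` for `dangerouslySetInnerHTML`, but nothing in it says the value must be sanitized, so a later edit could drop `{sanitize: true}` without touching `render`. I would add a comment above it such as `// Sole producer of __html for this component: the markdown is user input, keep the output sanitized.` The safety of the call also rests entirely on marked's `sanitize` option, which later marked releases deprecate in favour of running the generated HTML through a dedicated sanitizer; the marked version the docs pin is not visible on this page, so that is worth confirming. Both hunks cut through `React.createClass({ ... })`, whose start and end are outside the view.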

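--- a/docs/docs/tutorial.md
+++ b/docs/docs/tutorial.md
@@ -257,14 +257,18 @@ That's React protecting you from an [XSS attack](https://en.wikipedia.org/wiki/C
 ```javascript{4,10}
 // tutorial7.js
 var Comment = React.createClass({
-render: function() {
+rawMarkup: function() {
 var rawMarkup = marked(this.props.children.toString(), {sanitize: true});
+return { __html: rawMarkup };
+},
+
+render: function() {
 return (
 <div className="comment">
 <h2 className="commentAuthor">
 {this.props.author}
 </h2>
-<span dangerouslySetInnerHTML={{"{{"}}__html: rawMarkup}} />
+<span dangerouslySetInnerHTML={this.rawMarkup()} />
 </div>
 );
 }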
