NO_DANGEROUS_HTML
Conformance is available on Enterprise plans
Unsafe creation of DOM nodes can be done in a variety of ways:
element.innerHTML
element.outerHTML
DOMParser.parseFromString()
element.insertAdjacentHTML()
srcdoc on iframe elements
dangerouslySetInnerHTML prop in React apps
Usage of these methods is deemed an unsafe coding practice, because the HTML string is parsed and executed as markup, which can result in security vulnerabilities such as cross-site scripting (XSS) when any part of it comes from untrusted input.
It is recommended to instead use alternative approaches for HTML construction, such as document.createElement()
or an HTML sanitizer.
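As an added illustration (not code from the Conformance docs), the following shows the pattern this rule flags next to the createElement replacement it recommends. The greeting markup, the renderGreeting* function names and the untrusted sample name are constructed for the example; both functions take the document object as a parameter so they can be exercised outside a browser.

```javascript
// Constructed, untrusted input: a display name submitted through a form.
// The text is markup, so anything that parses it as HTML will create an
// <img> element whose onerror handler runs script in the page.
const UNTRUSTED_NAME = '<img src=x onerror="alert(1)">';

// Flagged by NO_DANGEROUS_HTML: the concatenated string is assigned to
// innerHTML and therefore parsed as markup, payload included.
function renderGreetingUnsafe(container, name) {
  container.innerHTML = '<p class="greeting">Hello, ' + name + '</p>';
  return container;
}

// Recommended replacement: build the structure with createElement and
// place the untrusted value with textContent, which is never parsed as
// HTML, so the same input is shown as literal text.
function renderGreetingSafe(doc, container, name) {
  const p = doc.createElement('p');
  p.className = 'greeting';
  p.textContent = 'Hello, ' + name;
  container.replaceChildren(p); // swap out previous content atomically
  return container;
}

// Browser-only demonstration; skipped when no DOM is available.
if (typeof document !== 'undefined') {
  const host = document.createElement('div');
  renderGreetingSafe(document, host, UNTRUSTED_NAME);
  // host.querySelector('img') is null: the payload appears as text.
}
```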
Last updated on March 4, 2025