I’ve never understood dangerouslySetInnerHTML. Been working on the authoring/HTML rendering in Kitten and I’ve decided on the following model:
- Anything you interpolate into your templates is escaped. So you’re protected from script injection by default. (I’m a big fan of safe by default vs. blame after the fact.)
- To include HTML, you call safelyAddHtml(untrustedHtml) in your template. That sanitises it before adding.
Think I’m happy with that.
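
The model described in the post above, sketched as an added example (not part of the original post and not Kitten's code): a template tag that escapes every interpolation, plus a `safelyAddHtml` that is assumed here to be a strict allowlist of attribute-free tags. `html`, `SafeHtml`, `escapeHtml` and `ALLOWED_TAGS` are hypothetical names.

```javascript
// Added illustration, not Kitten's source. Every name except safelyAddHtml is hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (value) => String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// Marks a string as markup that is already safe to emit. A plain string
// (or an object parsed from JSON) is never an instance, so it gets escaped.
class SafeHtml {
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Template tag: the literal parts are the author's own markup; every
// interpolated value is escaped unless it is a SafeHtml instance.
function html(strings, ...values) {
  let out = strings[0];
  values.forEach((value, i) => {
    out += (value instanceof SafeHtml ? value.markup : escapeHtml(value)) + strings[i + 1];
  });
  return new SafeHtml(out);
}

// Assumed sanitiser, deliberately strict: escape everything, then restore
// only exact, attribute-free tags from a small allowlist. Anything else
// (attributes, script, img, unknown tags) stays inert text. It does not
// balance tags, so a stray closing tag can still affect layout.
const ALLOWED_TAGS = /&lt;(\/?)(b|i|em|strong|p|br|ul|ol|li|code|pre)&gt;/g;
function safelyAddHtml(untrustedHtml) {
  return new SafeHtml(escapeHtml(untrustedHtml).replace(ALLOWED_TAGS, '<$1$2>'));
}

// Constructed sample inputs.
const name = '<script>alert(1)</script>';
const comment = '<p>Hello <b>world</b></p><img src=x onerror="alert(1)"><script>alert(2)</script>';
const page = html`<h1>${name}</h1><div>${safelyAddHtml(comment)}</div>`;
console.log(String(page));
```
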
@aral Hi Aral, I love the Kitten name.
If this URL (found on the project GitHub page) is supposed to be working, well it isn’t… https://kitten.small-web.org/ (and neither is www.small-web.org, but small-web.org works)
@fabienmarry Oh, that’s live somewhere, sorry. It’s not ready yet. Currently the repository is the only live site.