How to display post content in the block editor

It is true that using RawHTML (or dangerouslySetInnerHTML) is discouraged and indeed prone to XSS attacks like <img src=x onerror=alert(1)//> and <p>abc<iframe//src=jAva&Tab;script:alert(3)>def</p>.

But if you need to set HTML directly from React, then you’ll have to use dangerouslySetInnerHTML, either directly (e.g. <div dangerouslySetInnerHTML={ ({ __html: 'foo <b>bar</b>' }) } />) or via RawHTML in Gutenberg (e.g. <RawHTML>{ 'foo <b>bar</b>' }</RawHTML>).

However, whether it’s React, jQuery or even vanilla JS (direct access on innerHTML), the recommended practice has always been to sanitize the HTML, or ensuring it’s safe, before passing it to the browser.

So despite WordPress does not (yet) have HTML sanitization functions in JS, there are actually libraries such as DOMPurify that we can use to ensure the HTML is safe.

And there are other libraries out there that you could choose from, but I thought DOMPurify is awesome, so here’s an example assuming you’ve installed the package:

// At the top in your file:
import DOMPurify from 'dompurify';
// or you can use wp_enqueue_script() to "normally" load the src/purify.js or
// dist/purify.min.js file, and a global window variable named DOMPurify will
// be available on the page.

// Then somewhere in your code, use DOMPurify.sanitize() to sanitize the HTML:
<div className="custom-post-content">
    <RawHTML>{ DOMPurify.sanitize( custompost.content.rendered ) }</RawHTML>
</div>

So I hope that helps & Happy coding! 🙂

Related Posts:

  1. Failed to load resource: the server responded with a status of 404 (Not Found)
  2. Maximum call stack size exceeded error
  3. Google Chrome Uncaught (in promise) DOMException while playing AUDIO
  4. How to make a word underline in Markdown
  5. ChartJS beginAtZero, min, max doesn’t work
  6. how to fix : ” TypeError: Cannot read property ‘addEventListener’ of null”…?//
  7. ReferenceError: $ is not defined
  8. React.js: Set innerHTML vs dangerouslySetInnerHTML
  9. jQuery.click() vs onClick
  10. Add swipe left/right to web page, but use default swipe up/down
  11. Check if checkbox is checked with jQuery
  12. Angular: mat-form-field must contain a MatFormFieldControl
  13. Change Background color (css property) using Jquery
  14. Failed to load resource: net::ERR_FILE_NOT_FOUND loading json.js
  15. Get class name using jQuery
  16. How to clear the canvas for redrawing
  17. JavaScript get element by name
  18. Use images like checkboxes
  19. Completely disable scrolling of webpage
  20. TypeError: Cannot Set property ‘onclick’ of null
  21. How do I scroll to an element using JavaScript?
  22. display variable image using cookies
  23. character counter – backspace doesn’t reflect on characters remaining
  24. Open URL in same window and in same tab
  25. How to convert selected HTML to Json?
  26. How to Open New window on every Click
  27. “.addEventListener is not a function” why does this error occur?
  28. Cannot read property ‘getContext’ of null, using canvas
  29. How to move an element after another element using JS or jquery?
  30. How to use Javascript to read local text file and read line by line?
  31. Why is the jquery script not working?
  32. DOMException: Failed to load because no supported source was found
  33. Textarea Auto height
  34. Partial render in HTML/JavaScript
  35. How to add onload event to a div element
  36. Print the contents of a DIV
  37. Showing an image from an array of images – Javascript
  38. Embedding instagram webpage inside an iframe
  39. Set value to currency in
  40. HTML Entity Decode
  41. why angularjs ng-repeat not working
  42. Scroll to bottom of div?
  43. HTML5 rich-text inside textarea
  44. How do I check if a cookie exists?
  45. Highlight a word with jQuery
  46. How do I refresh a DIV content?
  47. jQuery sort elements using data id
  48. getContext is not a function
  49. JavaScript code to stop form submission
  50. Change an image with onclick()
  51. Strip HTML from Text JavaScript
  52. Closing Bootstrap modal onclick
  53. Fire oninput event with jQuery
  54. window.location() not working, not opening page
  55. How to clear the canvas for redrawing
  56. Default text on input
  57. How to scroll to top of page with JavaScript/jQuery?
  58. Calling a JavaScript function in another js file
  59. How to embed an autoplaying YouTube video in an iframe?
  60. JavaScript code not running in HTML5 document
  61. Cannot read property ‘style’ of undefined — Uncaught Type Error
  62. Unexpected token < in first line of HTML
  63. How to set “style=display:none;” using jQuery’s attr method?
  64. WordPress Bootstrap Handburger Menu Wont Open
  65. Is there a core Sortable component in Gutenberg?
  66. Is there an equivalent of the PHP function sanitize_key in Gutenberg?
  67. Gutenberg Modify core taxonomy panel element via wp.hooks.addFilter
  68. What is “open()” in MediaUpload?
  69. Setting HTML properties in a Gutenberg plugin using WordPress settings
  70. How to get value of selected page template in Gutenberg editor?
  71. @wordpress/components Button variants not styled
  72. How can I add Block Style support to the core HTML block in Gutenberg?
  73. can a buttongroup have a label?
  74. InnerBlocks restricting does not work on nested blocks
  75. Gutenberg: Block validation Failed Richtext undefined
  76. Add custom HTML markup to Gutenberg RichText
  77. Get Block Attributes in JSON REST API
  78. Open Featured Image Modal in WordPress Gutenberg onClick of a button
  79. My Button Default Click Is Not Working In WordPress Using Javascript Code
  80. How can I import one custom block into another?
  81. Gutenberg Blocks: how to determine an index of the current inner block?
  82. Gutenberg select excerpt, use generated excerpt or use more block excerpt
  83. find out reason of “Updating failed” in Post-editor
  84. Gutenberg RangeControl
  85. Make a script work within a page
  86. Putting custom html/js page into Elementor as it’s own block
  87. Add Paypal button redirect to a specific page after completing
  88. Add a Page Screen is Visually Blank
  89. Gutenberg sidebar show input field on toggle
  90. Get the ID of a page in Parent combobox in editor
  91. Can’t Listen to KeyDown in TInyMCE Iframe (jQuery) and Pass it to Parent HTML FORM
  92. Update block once an API request returns with a value
  93. Making the HTML list to a checkbox tree with the plugin jstree [closed]
  94. WordPress Gutenberg: Attribute overwritten by block duplicate
  95. Passing object to FormTokenField suggestions
  96. Styling parent based on a child element of a child in a WordPress page
  97. How do i get an Inline style in Gutenberg Block show up in front end?
  98. I have custom html mixed with inline javascript that I want added to my WordPress site, how do I achieve this?
  99. Gutenberg core/file add style support in js/ json
  100. Working with a non-React external library in a custom block