\";\nconst safeHTML = DOMPurify.sanitize(rawHTML);\n\nconst SafeComment = () => (\n // Yup! The HTML here is 'dangerously' sanitized ๐Ÿฅธ\n
\n);\n\n\nThis injects safeHTML into the SafeComment component's div. Be sure to use this method for trusted content only.","image":"https://explain.codes/media/static/images/eightify-logo.svg","author":{"@type":"Person","name":"Nikita Barsukov","url":"https://explain.codes//author/nikita-barsukov"},"publisher":{"@type":"Organization","name":"Rational Expressions, Inc","logo":{"@type":"ImageObject","url":"https://explain.codes/landing/images/[email protected]"}},"datePublished":"2025-01-16T18:45:01.368Z","dateModified":"2025-01-16T18:45:03.503Z"}
Explain Codes LogoExplain Codes Logo

Insert HTML with React Variable Statements (JSX)

javascript
jsx
react
html-parsing
Nikita BarsukovbyNikita BarsukovยทJan 16, 2025
โšกTLDR

To embed HTML in React, use dangerouslySetInnerHTML with an __html key. It's essential to sanitize the HTML to prevent cross-site scripting (XSS).

import DOMPurify from 'dompurify';

const rawHTML = "<script>//This isn't suspicious at all ๐Ÿ˜…</script>";
const safeHTML = DOMPurify.sanitize(rawHTML);

const SafeComment = () => (
  // Yup! The HTML here is 'dangerously' sanitized ๐Ÿฅธ
  <div dangerouslySetInnerHTML={{ __html: safeHTML }} />
);

This injects safeHTML into the SafeComment component's div. Be sure to use this method for trusted content only.

Safe HTML parsing

When you need to parse and render HTML, consider using the html-react-parser library. Ensure that the content is sanitized before parsing.

import parse from 'html-react-parser';
const parsedHTML = parse(safeHTML);

const ParsedComment = () => (<div>//Parsed HTML here, nothing to see ๐Ÿ‘€{parsedHTML}</div>);

When it comes to dynamic content in JSX, wrap it in {} without quotes, also known as JSX variable interpolation.

const headerText = 'Welcome';
const WelcomeUser = () => <h1>{headerText} // Wave "Hello ๐Ÿ‘‹" to Redux!</h1>;

For grouping multiple elements without adding additional nodes to the DOM, use <Fragment> or <>.

Reusability with components

Creating reusable HTML elements? You may want to consider breaking them into separate components or functions returning JSX.

const Greeting = ({ name }) => <p>Hello, {name}! // Can you see the "personal touch" ๐Ÿ˜‰?</p>;

If dynamic content needs frequent updates, manage state and data flow to keep the UI responsive and secure.

Mitigate XSS when parsing HTML

It's incredibly important to ensure safe practices when injecting HTML. Treat dangerouslySetInnerHTML with caution, and implement XSS mitigation strategies. Always use DOMPurify.sanitize() to clean the raw HTML.

const SaferComment = () => (
  <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(rawHTML) }} />
   // It's like an hazmat suit for your HTML ๐Ÿ’€!
);

For more complex structures, React.createElement allows a declarative creation of components.

Handling complex structures

When dealing with nested or conditional JSX, breaking the complexity into smaller, composable components vastly improves readability and maintainability.

const ToDoItem = ({ task }) => <li>{task} // Check this off your list โœ”๏ธ!</li>;

Take advantage of modern JavaScript by using the spread operator to pass down props to your components. It's as easy as spreading butter ๐Ÿงˆ!

explain-codes / Javascript / Insert HTML with React Variable Statements (JSX)
Safe HTML parsingReusability with componentsMitigate XSS when parsing HTMLHandling complex structures