#Setting HTML in JSON

2 messages · Page 1 of 1 (latest)

placid siren Nov 13, 2024, 1:14 PM

Hi there,
I've managed to set HTML in a JSON file by using a Fragment and set:html.

<p class="item-text">
   <Fragment set:html={key} />
</p>

The json uses standard HTML markup, with some escape characters for the quotes

"key": "Check out our <a href=\"/store\">store</a>"

I'm in control of the JSON file, so there's no security risk really. Would that be ok, or would there be another method?
I've tried without the set:html and it doesn't parse the HTML markup written in the JSON file.

gusty meadow Nov 13, 2024, 3:05 PM

As long the JSON is not coming from user input you should be fine.
Sanitizing the html to remove script tags or other attributes is still best practices in case the above changes.
https://www.npmjs.com/package/sanitize-html

npm

sanitize-html

Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis. Latest version: 2.13.1, last published: a month ago. Start using sanitize-html in your project by running npm i sanitize-html. There are 1952 other projects in the npm registry using sanitize-html.