Bug: "Unsafe assignment to innerHTML" warning from Mozilla addons linter #21993

Open
tdriley opened this issue Jul 30, 2021 · 5 comments
Labels
Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug

Comments


tdriley commented Jul 30, 2021

Our Browser Extension addon seems to be stuck in review with Mozilla, and their submission service is feeding back what appear to be ESLint warnings, saying "Unsafe assignment to innerHTML."

I can recreate the warnings by running the Mozilla addons-linter on our extension's dist files and removing react-dom prevents the warnings, but then of course there is no ReactDOM.render func to render the react app onto the page.

Is there any alternative to react-dom without moving away from react completely, or a way to prevent the assignment of .innerHTML from being in the dist files of a react app?

React version: 16.9.0

Steps To Reproduce

  1. Build a Web Extension addon using react apps for the Popup and Options UIs.
  2. Use the Mozilla addons-linter npm package to lint the dist files.

Link to code example:

node.innerHTML = (html: any);

// Any src which imports the react-dom package will result in dist files which trigger the linter warnings.
import ReactDOM from "react-dom"

System:
OS: macOS 10.15.7
Binaries:
Node: 12.2.0 - ~/.nvm/versions/node/v12.2.0/bin/node
npm: 7.5.2 - ~/.nvm/versions/node/v12.2.0/bin/npm
npmPackages:
@babel/core: ^7.5.5 => 7.5.5
@babel/preset-env: ^7.5.5 => 7.5.5
@babel/preset-react: ^7.0.0 => 7.0.0
babel-jest: ^24.9.0 => 24.9.0
babel-loader: ^8.0.6 => 8.0.6
babel-plugin-emotion: ^10.0.19 => 10.0.19
jest: ^24.9.0 => 24.9.0
webpack: ^4.39.2 => 4.39.2

The current behavior

It is not possible to build Web Extensions with react which do not trigger the "Unsafe assignment to innerHTML" warnings from the Mozilla addons linter.

The expected behavior

It is possible to build Web Extensions with react which do not trigger the "Unsafe assignment to innerHTML" warnings from the Mozilla addons linter.

@tdriley tdriley added the Status: Unconfirmed A potential issue that we haven't yet confirmed as a bug label Jul 30, 2021

stale bot commented Jan 9, 2022

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment!

@stale stale bot added the Resolution: Stale Automatically closed due to inactivity label Jan 9, 2022

gBasil commented Jun 11, 2022

Hopefully this will eventually receive a setting or something, it's still an issue.

@stale stale bot removed the Resolution: Stale Automatically closed due to inactivity label Jun 11, 2022

github-actions bot commented Jul 1, 2024

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. We are sorry that we haven't been able to prioritize it yet. If you have any new additional information, please include it with your comment!

@github-actions github-actions bot added the Resolution: Stale Automatically closed due to inactivity label Jul 1, 2024
@ihsanalikapahi01

Please reopen this as it is not sorted out yet

@github-actions github-actions bot removed the Resolution: Stale Automatically closed due to inactivity label Jul 1, 2024

GabenGar commented Jul 1, 2024

Can it be sorted out? Pretty sure dangerouslySetInnerHTML relies on Element.innerHTML to work. The only way out of it is to write the react module in such a way that dangerouslySetInnerHTML gets tree-shaken out of the bundle if it's not used.
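
For triaging the warnings reported in this issue, the sketch below is an added example (not code from React, the addons-linter, or any commenter here) that lists `.innerHTML` writes in built files and separates string-literal writes from dynamic ones, so library output can be told apart from the extension's own code. The file names, sample contents and the regex heuristic are assumptions made for illustration.

```javascript
// Added example: heuristic triage of ".innerHTML" writes in built extension files.
// The regexes are an assumption about what the warning reacts to, not the linter's logic.

// `<target>.innerHTML =` or `+=` (never `==`/`===`); the right-hand side runs to the
// next `;` or newline, with quoted strings consumed whole so "&nbsp;" is not cut short.
const ASSIGN_RE =
  /([\w$.\[\]]+)\.innerHTML\s*(\+?=)(?!=)\s*((?:"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'|[^;\n])*)/g;

// A right-hand side that is one plain string literal carries no runtime data.
const LITERAL_RE = /^(?:"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|`(?:[^`\\$]|\\.)*`)$/;

function findInnerHtmlAssignments(source) {
  const findings = [];
  source.split("\n").forEach((text, index) => {
    for (const m of text.matchAll(ASSIGN_RE)) {
      const rhs = m[3].trim();
      findings.push({ line: index + 1, target: m[1], operator: m[2], rhs, dynamic: !LITERAL_RE.test(rhs) });
    }
  });
  return findings;
}

// Group the dynamic writes by file, to separate library output from extension code.
function scanBundle(files) {
  const report = {};
  for (const [name, source] of Object.entries(files)) {
    const hits = findInnerHtmlAssignments(source).filter((f) => f.dynamic);
    if (hits.length > 0) {
      report[name] = hits.map((f) => `${f.line}: ${f.target}.innerHTML ${f.operator} ${f.rhs}`);
    }
  }
  return report;
}

// Constructed sample files (hypothetical names), not taken from a real build.
const SAMPLE_FILES = {
  "popup.js": [
    'status.innerHTML = "<b>Ready</b>";',
    "if (box.innerHTML === '') { box.textContent = name; }",
    "list.innerHTML += '<li>' + item.title + '</li>';",
  ].join("\n"),
  "vendor-react-dom.js": "node.innerHTML = html;",
};

console.log(scanBundle(SAMPLE_FILES));
```

Because it matches text rather than parsed code, minified output that chains expressions with commas will show extra tokens in the reported right-hand side.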
