jsx-eslint/eslint-plugin-react

no-danger does not report dangerouslySetInnerHTML usage in React.createElement

Open

#4,004 建立於 2026年5月4日

在 GitHub 查看
 (3 留言) (0 反應) (0 負責人)JavaScript (8,630 star) (2,797 fork)batch import
enhancementhelp wanted

描述

The no-danger rules only reports dangerouslySetInnerHTML when it's used in JSX, but not when it's used in React.createElement

To be fair, it's mentioned in the rule description, but it took me a bit to see this. Also, the similar no-danger-with-children rule does report usage in React.createElement, so it would be nice to be consistent here.

貢獻者指南

技術棧
javascriptreact
領域
frontendtooling
議題類型
feature
難度面向新貢獻者的預計實作難度,1 表示很小改動,5 表示專家級工作。
2
預計時間有經驗貢獻者完成調查、實作、測試並準備 pull request 的粗略時間範圍。
1-3 hours
活動狀態議題目前的可參與程度:新鮮、活躍、陳舊、阻塞或等待維護者輸入。
fresh
清晰度議題是否清楚說明預期改動、驗收標準和下一步。
mostly clear
前置要求
basic understanding of ESLint plugin developmentfamiliarity with AST
新手友善度1-100 的估計分數,表示該議題對首次貢獻者的友善程度。
60
研究方向
To fix this, examine the current implementation of the `no danger` rule in `lib/rules/no danger.js`. Look at how the `no danger with children` rule handles `React.createElement` calls in its source file for a pattern to follow. Add a visitor for `CallExpression` nodes where the callee is `React.createElement` and check if any argument uses `dangerouslySetInnerHTML`. Ensure the rule also works for imported `createElement` aliases. Refer to comments in the issue for any maintainer guidance.