jsx-eslint/eslint-plugin-react

no-danger does not report dangerouslySetInnerHTML usage in React.createElement

Open

#4,004 创建于 2026年5月4日

在 GitHub 查看
 (3 评论) (0 反应) (0 负责人)JavaScript (8,630 star) (2,797 fork)batch import
enhancementhelp wanted

描述

The no-danger rules only reports dangerouslySetInnerHTML when it's used in JSX, but not when it's used in React.createElement

To be fair, it's mentioned in the rule description, but it took me a bit to see this. Also, the similar no-danger-with-children rule does report usage in React.createElement, so it would be nice to be consistent here.

贡献者指南

技术栈
javascriptreact
领域
frontendtooling
议题类型
feature
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
2
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
1-3 hours
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
fresh
清晰度议题是否清楚说明期望改动、验收标准和下一步。
mostly clear
前置要求
basic understanding of ESLint plugin developmentfamiliarity with AST
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
60
研究方向
To fix this, examine the current implementation of the `no danger` rule in `lib/rules/no danger.js`. Look at how the `no danger with children` rule handles `React.createElement` calls in its source file for a pattern to follow. Add a visitor for `CallExpression` nodes where the callee is `React.createElement` and check if any argument uses `dangerouslySetInnerHTML`. Ensure the rule also works for imported `createElement` aliases. Refer to comments in the issue for any maintainer guidance.