DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
It is encoded HTML and those are entities. You can use dangerouslySetInnerHTML. It will take care of your entities for you. However, it’s called dangerous for a reason. If you are concerned about the provenance of the HTML, I would probably use DOMPurify or something similar.