filter inputs where dangerouslySetInnerHTML is used in React
Inputs are not filtered where dangerouslySetInnerHTML is used, and it could easily lead to some XSS vulnerabilities.
We need to discuss which tags/attributes/values need to be used in each place where dangerouslySetInnerHTML is used. I see 8 occurrences using grep in the app directory:
grep -R 'dangerouslySetInnerHTML' --exclude-dir=node_modules --exclude-dir=.meteor ./
./imports/ui/components/introduction/IntroductionAccordion.jsx: <div style={{ padding: '10px' }} dangerouslySetInnerHTML={{ __html: body || '' }} />
./imports/ui/components/personalspace/PersonalZone.jsx: dangerouslySetInnerHTML={{ __html: title }}
./imports/ui/pages/articles/PublicArticleDetailsPage.jsx: <div className={`ql-editor ${classes.content}`} dangerouslySetInnerHTML={{ __html: article.content }} />
./imports/ui/pages/legal/LegalPage.jsx: <Typography className={classes.text} dangerouslySetInnerHTML={{ __html: data.content }} />
./imports/ui/pages/services/SingleServicePage.jsx: <div className={classes.content} dangerouslySetInnerHTML={{ __html: service.content }} />
./imports/ui/pages/groups/SingleGroupPage.jsx: dangerouslySetInnerHTML={{ __html: group.content }}
./imports/ui/pages/system/SignUp.jsx: {!ready ? : <div dangerouslySetInnerHTML={{ __html: introduction }} />}
./imports/ui/pages/system/SignIn.jsx: <div dangerouslySetInnerHTML={{ __html: introduction }} />
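To make the per-call-site discussion concrete, here is an added example (not the project's code) of what an allowlist policy for these usages could look like, enforced by a small tag/attribute filter. The policy names, tag lists and the `richText`/`title` split are assumptions to be settled per call site; in the app the filtering itself should be delegated to a maintained sanitizer such as DOMPurify (its `ALLOWED_TAGS`/`ALLOWED_ATTR` options take the same shape), the hand-written filter only makes the policy testable.

```javascript
// Added illustration, not the project's code. Tag/attribute lists are assumptions.
const POLICIES = {
  // Editor content (articles, services, groups, legal pages): formatting + links.
  richText: {
    tags: ['p', 'br', 'h2', 'h3', 'strong', 'em', 'ul', 'ol', 'li', 'a', 'blockquote'],
    attrs: { a: ['href'] },
  },
  // Titles (PersonalZone): inline emphasis only, no links, no attributes.
  title: { tags: ['strong', 'em'], attrs: {} },
};

const TAG_RE = /<\/?([a-zA-Z][\w-]*)([^>]*)>/g;
const ATTR_RE = /([a-zA-Z_:][\w:.-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
const SAFE_URL = /^(https?:|mailto:|\/|#)/i; // scheme allowlist for href, not a denylist
const DROP_WITH_CONTENT = new Set(['script', 'style', 'iframe', 'object', 'svg', 'math']);

function sanitize(html, policy) {
  const allowedTags = new Set(policy.tags);
  let out = '';
  let last = 0;
  let skipping = null; // element whose inner content is currently being discarded
  for (const m of html.matchAll(TAG_RE)) {
    const [raw, rawName, rawAttrs] = m;
    const name = rawName.toLowerCase();
    const closing = raw.startsWith('</');
    if (skipping) {
      if (closing && name === skipping) { skipping = null; last = m.index + raw.length; }
      continue;
    }
    out += html.slice(last, m.index); // text between tags is kept as-is
    last = m.index + raw.length;
    if (DROP_WITH_CONTENT.has(name) && !closing) { skipping = name; continue; }
    if (!allowedTags.has(name)) continue; // unknown tag: drop the tag, keep its text
    if (closing) { out += `</${name}>`; continue; }
    let attrs = '';
    for (const a of rawAttrs.matchAll(ATTR_RE)) {
      const attr = a[1].toLowerCase();
      const value = a[2] || a[3] || a[4] || '';
      if (!(policy.attrs[name] || []).includes(attr)) continue; // drops on*, style, ...
      if (attr === 'href' && !SAFE_URL.test(value.trim())) continue; // drops javascript:, data:
      attrs += ` ${attr}="${value.replace(/"/g, '&quot;')}"`;
    }
    out += `<${name}${attrs}>`; // tag is rebuilt from scratch, never copied from input
  }
  if (!skipping) out += html.slice(last);
  return out;
}

// At a call site: <div dangerouslySetInnerHTML={{ __html: sanitize(article.content, POLICIES.richText) }} />
```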