Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace dangerouslySetInnerHTML with createInterpolateElement in React apps #6759

Closed
delawski opened this issue Dec 3, 2021 · 1 comment · Fixed by #7000
Closed

Replace dangerouslySetInnerHTML with createInterpolateElement in React apps #6759

delawski opened this issue Dec 3, 2021 · 1 comment · Fixed by #7000
Labels
Changelogged Whether the issue/PR has been added to release notes. Enhancement New feature or improvement of an existing one Infrastructure Changes impacting testing infrastructure or build tooling javascript Pull requests that update Javascript code P2 Low priority
Milestone
v2.3

Comments

@delawski
Copy link
Collaborator

delawski commented Dec 3, 2021

Feature Description

In React components we are often using a combination of dangerouslySetInnerHTML (or <RawHTML>) with one of the i18n functions like __() for rendering translated strings containing HTML elements like:

<p
  dangerouslySetInnerHTML={ {
    __html: __( 'This is <b>bold</b>.', 'amp' ),
  } }
/>

This approach has some limitations. One is that only simple HTML elements can be interpolated this way. E.g. it's not possible to interpolate a React component into a translated string:

- __( 'Go to <ExternalLink href="https://example.com/">example.com</ExternalLink>', 'amp' );
+ __( 'Go to <a href="https://example.com/" target="_blank" rel="noopener noreferrer">example.com</a>', 'amp' );

The second issue is that using dangerouslySetInnerHTML along with translated strings has some security concerns.

However, since WordPress 5.5 there's a solution available at our disposal: createInterpolateElement.

Here's how the same example would look like with createInterpolateElement:

createInterpolateElement(
  __( 'Go to <a>example.com</a>', 'amp' ),
  {
    a: <ExternalLink href="https://example.com/" />,
  },
);

We should replace all occurrences of dangerouslySetInnerHTML or <RawHTML> with createInterpolateElement.

Acceptance Criteria

No response

Implementation Brief

No response

QA Testing Instructions

No response

Demo

No response

Changelog Entry

No response
@delawski delawski added Enhancement New feature or improvement of an existing one Infrastructure Changes impacting testing infrastructure or build tooling javascript Pull requests that update Javascript code labels Dec 3, 2021
@delawski delawski added this to the v2.3 milestone Dec 3, 2021
@delawski delawski mentioned this issue Dec 3, 2021
Merged
2 tasks
@westonruter westonruter added the P2 Low priority label Dec 23, 2021
@westonruter westonruter modified the milestones: v2.3, v2.2.2 Feb 9, 2022
@westonruter westonruter modified the milestones: v2.2.2, v2.2.3 Mar 3, 2022
@dhaval-parekh dhaval-parekh self-assigned this Mar 24, 2022
@dhaval-parekh dhaval-parekh mentioned this issue Mar 28, 2022
Merged
2 tasks
@westonruter westonruter modified the milestones: v2.2.3, v2.2.4, 2.2.5 Apr 6, 2022
@maitreyie-chavan maitreyie-chavan modified the milestones: v2.2.5, v2.3 Apr 14, 2022
@pooja-muchandikar
Copy link

Performed smoke testing on the plugin and the features are working as expected ✅
No blockers found so far.

@westonruter westonruter added the Changelogged Whether the issue/PR has been added to release notes. label Jun 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Changelogged Whether the issue/PR has been added to release notes. Enhancement New feature or improvement of an existing one Infrastructure Changes impacting testing infrastructure or build tooling javascript Pull requests that update Javascript code P2 Low priority
Projects
None yet
Milestone
v2.3
Development

Successfully merging a pull request may close this issue.

Replace use of dangerouslySetInnerHTML with createInterpolateElement ampproject/amp-wp
5 participants
@westonruter @delawski @dhaval-parekh @maitreyie-chavan @pooja-muchandikar