packages/compiler-dom/src/decodeHtmlBrowser.ts rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `decoder` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 10: decoder.innerHTML = `
` -------------------------------------------------------------------------------- 13: decoder.innerHTML = raw packages/reactivity/src/ref.ts rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX 75: return createRef(value, false) -------------------------------------------------------------------------------- 88: return createRef(value, true) packages/runtime-core/__tests__/hydration.spec.ts rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `container` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 23: container.innerHTML = html -------------------------------------------------------------------------------- rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `teleportContainer` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 269: teleportContainer.innerHTML = teleportHtml -------------------------------------------------------------------------------- 332: teleportContainer.innerHTML = teleportHtml -------------------------------------------------------------------------------- rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `container` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 428: container.innerHTML = await renderToString(h(App)) -------------------------------------------------------------------------------- 480: container.innerHTML = await renderToString(h(App)) -------------------------------------------------------------------------------- 507: container.innerHTML = await renderToString(h(App)) -------------------------------------------------------------------------------- 591: container.innerHTML = await renderToString(h(App)) -------------------------------------------------------------------------------- 671: container.innerHTML = html -------------------------------------------------------------------------------- 734: container.innerHTML = html packages/runtime-core/src/renderer.ts rule:javascript.lang.correctness.useless-eqeq.eqeq-is-bad: Detected a useless comparison operation `dynamicChildren == dynamicChildren` or `dynamicChildren != dynamicChildren`. This operation is always true. If testing for floating point NaN, use `math.isnan`, or `cmath.isnan` if the number is complex. Details: https://sg.run/Kl6n 941: } else if (!optimized && dynamicChildren == null) { packages/runtime-dom/__tests__/nodeOps.spec.ts rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `parent` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 43: parent.innerHTML = existing -------------------------------------------------------------------------------- 71: parent.innerHTML = existing packages/runtime-dom/src/nodeOps.ts rule:typescript.react.security.audit.react-unsanitized-property.react-unsanitized-property: User controlled data in a `t` is an anti-pattern that can lead to XSS vulnerabilities Details: https://sg.run/70Zv 82: t.innerHTML = isSVG ? `${content}` : content test-dts/defineComponent.test-d.tsx rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX 263: {}} 268: cc={['cc']} 269: dd={{ n: 1 }} 270: ee={() => 'ee'} 271: ccc={['ccc']} 272: ddd={['ddd']} -------- [hid 13 additional lines, adjust with --max-lines-per-finding] -------- test-dts/functionalComponent.test-d.tsx rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX 16:expectType() test-dts/tsx.test-d.tsx rule:typescript.react.security.audit.react-no-refs.react-no-refs: `ref` usage found, refs give direct DOM access and may create a possibility for XSS Details: https://sg.run/v0dX 31:expectType(
)