Risk of XSS attacks due to innerHTML

[tabrez96]

Here we set the content to innerHTML and this is prone to XSS attacks. Any alternatives for this?

[vivaxy]

Thanks for your reminding.

The solutions:

1. From user side: I think we can wrap the text prop in some xss modules like xss.
2. From module side: Is there some way to sanitize the text prop as react does? Before we find a proper solution, I'll update the document to mention the XSS risk.