SonarQube "dangerouslysetinnerHTML" attribute didn't report

Hi, we run a static code analysis from GitHub using the “sonarsource/sonarqube-scan-action@master” GitHub Action, and send the report to an instance of SonarQube version to some apps and it didn’t give us the advice that we use the “” attribute in some lines of code. Why can this happen?

I google for it and found this ticket since 2018 that seems that SonarQube really have this feature I am right?

[RSPEC-4447] “dangerouslySetInnerHTML” should be used with extreme caution - Jira (

Can you give me some advice about where can be the error?


Welcome to the community!

I’m not understanding the problem. Can you copy/paste the logs with the full error? Or if this isn’t in logs, then a screenshot?


Hi Ann, thanks for the fast response! It is not a issue but only understand if we can have an advice or a flag when the subject attribute:“dangerouslysetinnerHTML” are in use inside any file code of a project.
Like I said before, we have some files in a project with this attribute and SonarQube didn’t give us an advice to look if it is implemented ok.


Thanks for the explanation. This rule was never implemented. From what I see in Jira, it was specified at the end of January 2018, and then rejected (Closed/Won’t Fix) less than a month later. There are no comments, so it’s not clear to me why.

That’s why I’ve moved this thread to the ‘New rules / languages’ category, to register your FN report as a request for this rule to be resurrected and implemented.

As a side note, the RSpec repository in Jira has been deprecated for a couple years now & the contents moved to (and maintained in) GitHub. (RSPEC).


Cool, thanks for the explanation and all the work you do! I will follow the RSPEC you sends me.

Again thank you!

1 Like