Question: just how safe is `safeHtml()`?

[bobular]

Just curious what's going on here:

WDKClient/Client/src/Utils/ComponentUtils.tsx

Line 231 in 1d179fe

/** Create a React Element using preformatted HTML */

There doesn't seem to be any checking for <script> tags (which naively I assume would be a bad thing). Is it really "safe" ?

[dmfalke]

This is more akin to a taint: we are saying the contents of the input are presumed safe. Also, I believe React will strip <script> tags for us.