You are currently viewing the docs for Dioxus 0.3.2 which is no longer maintained.

Special Attributes

While most attributes are simply passed on to the HTML, some have special behaviors.

The HTML Escape Hatch

If you're working with pre-rendered assets, output from templates, or output from a JS library, then you might want to pass HTML directly instead of going through Dioxus. In these instances, reach for dangerous_inner_html.

For example, shipping a markdown-to-Dioxus converter might significantly bloat your final application size. Instead, you'll want to pre-render your markdown to HTML and then include the HTML directly in your output. We use this approach for the Dioxus homepage:

src/dangerous_inner_html.rs
// this should come from a trusted source
let contents = "live <b>dangerously</b>";

cx.render(rsx! {
div {
    dangerous_inner_html: "{contents}",
}
})

Note! This attribute is called "dangerous_inner_html" because it is dangerous to pass it data you don't trust. If you're not careful, you can easily expose cross-site scripting (XSS) attacks to your users.

If you're handling untrusted input, make sure to sanitize your HTML before passing it into dangerous_inner_html – or just pass it to a Text Element to escape any HTML tags.

Boolean Attributes

Most attributes, when rendered, will be rendered exactly as the input you provided. However, some attributes are considered "boolean" attributes and just their presence determines whether they affect the output. For these attributes, a provided value of "false" will cause them to be removed from the target element.

So this RSX wouldn't actually render the hidden attribute:

src/dangerous_inner_html.rs
cx.render(rsx! {
div {
    hidden: "false",
    "hello"
}
})
<div>hello</div>

Not all attributes work like this however. Only the following attributes have this behavior:

  • allowfullscreen
  • allowpaymentrequest
  • async
  • autofocus
  • autoplay
  • checked
  • controls
  • default
  • defer
  • disabled
  • formnovalidate
  • hidden
  • ismap
  • itemscope
  • loop
  • multiple
  • muted
  • nomodule
  • novalidate
  • open
  • playsinline
  • readonly
  • required
  • reversed
  • selected
  • truespeed

For any other attributes, a value of "false" will be sent directly to the DOM.