{"id":4419,"url":"https://github.com/almost/react-native-html-webview","last_synced_at":"2026-03-02T08:30:55.283Z","repository":{"id":29895825,"uuid":"33441449","full_name":"almost/react-native-html-webview","owner":"almost","description":"Display HTML in a UIWebView, optionally sanitizing it first","archived":false,"fork":false,"pushed_at":"2016-05-31T18:18:46.000Z","size":26,"stargazers_count":107,"open_issues_count":4,"forks_count":20,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-11-02T02:19:49.366Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/almost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-04-05T13:21:08.000Z","updated_at":"2025-05-09T07:18:59.000Z","dependencies_parsed_at":"2022-09-13T02:41:39.750Z","dependency_job_id":null,"html_url":"https://github.com/almost/react-native-html-webview","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/almost/react-native-html-webview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/almost%2Freact-native-html-webview","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/almost%2Freact-native-html-webview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/almost%2Freact-native-html-webview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/almost%2Freact-native-html-webview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/almost","download_url":"https://codeload.github.com/almost/react-native-html-webview/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/almost%2Freact-native-html-webview/sbom","scorecard":{"id":186169,"data":{"date":"2025-08-11","repo":{"name":"github.com/almost/react-native-html-webview","commit":"4fc99c056848ae7fe071894498ae47ac0be65b8c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":1,"reason":"Found 5/29 approved changesets -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-16T19:50:20.257Z","repository_id":29895825,"created_at":"2025-08-16T19:50:20.257Z","updated_at":"2025-08-16T19:50:20.257Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29995912,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-02T01:47:34.672Z","status":"online","status_checked_at":"2026-03-02T02:00:07.342Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-01-05T20:17:11.333Z","updated_at":"2026-03-02T08:30:55.250Z","avatar_url":"https://github.com/almost.png","language":"Objective-C","readme":"NOTE: There's not much point to this component now the built in WebView has more features. You might want to check out my ([safe-html](http://github.com/almost/safe-html)) library though if you want to make your untrusted HTML safe.\n\n# react-native-html-webview\n\nDisplay (possibly untrusted) HTML using a UIWebView in React Native.\n\nUses an HTML Sanitizer to remove only let through a whitelist of tags\nand attributes (so it removes all javascript). Also supports\nautomatically adjusting the height of the webview to contain the\ncontents you give it.\n\nWritten by Thomas Parslow\n([almostobsolete.net](http://almostobsolete.net) and\n[tomparslow.co.uk](http://tomparslow.co.uk)) as part of Active Inbox\n([activeinboxhq.com](http://activeinboxhq.com/)).\n\nA couple of similar projects are\n[HTMLText](https://github.com/siuying/react-native-htmltext) and\n[HTMLView](https://github.com/jsdf/react-native-htmlview) both of\nwhich render a subset of HTML as React Native views. This project\ntakes a slightly different approach of using a UIWebView giving a full\nHTML renderer, but that means it has to rely on an HTML sanitizer to\nclean up untrusted HTML.\n\n## Installation\n\nInstall using npm with `npm install --save react-native-html-webview`\n\nYou then need to add the Objective C part to your XCode project. Drag\n`AIBHTMLWebView.xcodeproj` from the\n`node_modules/react-native-html-webview` folder into your XCode\nprojec. Click on the your project in XCode, goto `Build Phases` then\n`Link Binary With Libraries` and add `libAIBHTMLWebView.a`.\n\nNOTE: Make sure you don't have the `AIBHTMLWebView` project open seperately in XCode otherwise it won't work.\n\n## Usage\n\n```javascript\nvar HTMLWebView = require('react-native-html-webview');\n\nvar testView = React.createClass({\n  render: function() {\n    return (\n      \u003cView\u003e\n        \u003cHTMLWebView\n            style={{width: 300}}\n            html={this.state.htmlContents}\n            makeSafe={true}\n            autoHeight={true}\n            onLink={this.onLink}/\u003e\n      \u003c/View\u003e\n    );\n  },\n  onLink: function (href) {\n    // Link was clicked!\n  }\n});\n```\n\n## Properties\n\n- **html** : The html content to display as a string\n- **makeSafe** (default: true) : Run the HTML through an HTML\n    sanitizer ([safe-html](http://github.com/almost/safe-html)) before\n    inserting it to remove script tags and similar unsafe things. Pass\n    in `true` to use the default options for safe-html, pass in\n    `false` to turn it off, or pass in an object to set config options\n    for safe-html.\n- **autoHeight** (default: false) : Automatically adjust the height of\n    the webview to fit the contents (also turns off scrolling).\n- **onLink** : Pass in a function to be called when the user clicks a\n    link, the function will be given the href.\n\n## Security Warning\n\nThis relies on HTML sanitization to protect you from executing\nJavaScript included in untrusted HTML. It's using my\n[safe-html](https://www.npmjs.com/package/safe-html) library which\nworks based on a whitelist of allowed tags but it's still possbile\nsomeone could find a way round it.\n\nIf an attacker *did* find a way round the sanitizer they'd still only\nbe running JavaScript inside a WebView. So they wouldn't automatically\nget access to the rest of your app, but they would be able to load\nother stuff into the webview and possibly other stuff that you may not\nwant.\n\n## Feedback Welcome!\n\nFeedback, questions, suggestions and most of all Pull Requests are\nvery welcome. This is an early version and I want to figure out the\nbest way to continue it.\n\nI'm also available for freelance work!\n\nI'm [@almostobsolete](http://twitter.com/almostobsolete) on Twitter my\nemail is [tom@almostobsolete.net](mailto:tom@almostobsolete.net) and\nyou can find me on the web at\n[tomparslow.co.uk](http://tomparslow.co.uk) and\n[almostobsolete.net](http://almostobsolete.net)\n","funding_links":[],"categories":["Components"],"sub_categories":["Text \u0026 Rich Content"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falmost%2Freact-native-html-webview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falmost%2Freact-native-html-webview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falmost%2Freact-native-html-webview/lists"}