# Special Attributes While most attributes are simply passed on to the HTML, some have special behaviors. ## The HTML Escape Hatch If you're working with pre-rendered assets, output from templates, or output from a JS library, then you might want to pass HTML directly instead of going through Dioxus. In these instances, reach for `dangerous_inner_html`. For example, shipping a markdown-to-Dioxus converter might significantly bloat your final application size. Instead, you'll want to pre-render your markdown to HTML and then include the HTML directly in your output. We use this approach for the [Dioxus homepage](https://dioxuslabs.com): ```rust, no_run {{#include ../../../examples/dangerous_inner_html.rs:dangerous_inner_html}} ``` > Note! This attribute is called "dangerous_inner_html" because it is **dangerous** to pass it data you don't trust. If you're not careful, you can easily expose [cross-site scripting (XSS)](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks to your users. > > If you're handling untrusted input, make sure to sanitize your HTML before passing it into `dangerous_inner_html` – or just pass it to a Text Element to escape any HTML tags. ## Boolean Attributes Most attributes, when rendered, will be rendered exactly as the input you provided. However, some attributes are considered "boolean" attributes and just their presence determines whether they affect the output. For these attributes, a provided value of `"false"` will cause them to be removed from the target element. So this RSX wouldn't actually render the `hidden` attribute: ```rust, no_run {{#include ../../../examples/boolean_attribute.rs:boolean_attribute}} ``` ```html
hello
``` Not all attributes work like this however. _Only the following attributes_ have this behavior: - `allowfullscreen` - `allowpaymentrequest` - `async` - `autofocus` - `autoplay` - `checked` - `controls` - `default` - `defer` - `disabled` - `formnovalidate` - `hidden` - `ismap` - `itemscope` - `loop` - `multiple` - `muted` - `nomodule` - `novalidate` - `open` - `playsinline` - `readonly` - `required` - `reversed` - `selected` - `truespeed` For any other attributes, a value of `"false"` will be sent directly to the DOM.