pageClass | sidebarDepth | title | description |
---|---|---|---|
rule-details |
0 |
vue/no-v-html |
disallow use of v-html to prevent XSS attack |
disallow use of v-html to prevent XSS attack
- ⚙️ This rule is included in
"plugin:vue/recommended"
.
This rule reports all uses of v-html
directive in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.
<template>
<!-- ✓ GOOD -->
<div>{{ someHTML }}</div>
<!-- ✗ BAD -->
<div v-html="someHTML"></div>
</template>
Nothing.
If you are certain the content passed to v-html
is sanitized HTML you can disable this rule.