Skip to content

Latest commit

 

History

History
45 lines (30 loc) · 1.16 KB

no-v-html.md

File metadata and controls

45 lines (30 loc) · 1.16 KB
Raw
pageClass sidebarDepth title description
rule-details
0
vue/no-v-html
disallow use of v-html to prevent XSS attack

vue/no-v-html

disallow use of v-html to prevent XSS attack

  • ⚙️ This rule is included in "plugin:vue/vue3-recommended" and "plugin:vue/recommended".

📖 Rule Details

This rule reports all uses of v-html directive in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.

<template>
  <!-- ✓ GOOD -->
  <div>{{ someHTML }}</div>

  <!-- ✗ BAD -->
  <div v-html="someHTML"></div>
</template>

🔧 Options

Nothing.

🔇 When Not To Use It

If you are certain the content passed to v-html is sanitized HTML you can disable this rule.

📚 Further Reading

🔍 Implementation