3

I'm new to VueJS. I started learning about the v-html directive. My question is: how do I sanitize output to prevent cross-site scripting attacks?

Adele
  • 51
  • 7
  • 2

"Only use HTML interpolation on trusted content and never on user-provided content." — https://vuejs.org/v2/guide/syntax.html#Raw-HTML – Quentin Jan 03 '20 at 09:12

1 Answer

1

You can use https://www.npmjs.com/package/vue-sanitize for this kind of purpose, but consider that the attack surface may vary based on what you need and what you want to do with v-html, and there are a lot of ways to attack, like adding a script that runs on an img on error, base64-encoded scripts and so on... so be careful about using v-html.

SeyyedKhandon
  • 5,197
  • 8
  • 37
  • 68
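
An added example, not part of the answer above: when user input is really text that only needs links and line breaks, one option is to escape everything and generate the few allowed tags yourself, so nothing the user typed reaches `v-html` as markup. The function names and the sample inputs are hypothetical; user-supplied HTML that must keep its markup still needs an allowlist sanitizer such as the package linked in the answer.

```javascript
// Escape-first rendering for v-html: user input is treated as text, never as HTML.
// Hypothetical helper names; sample inputs in the test are constructed.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Only http(s) URLs are turned into links. Other schemes (data:, javascript:)
// never match, so they stay as inert, escaped text.
const URL_RE = /\bhttps?:\/\/[^\s<>"']+/gi;

function renderUserText(text) {
  const raw = String(text);
  let out = '';
  let last = 0;
  for (const m of raw.matchAll(URL_RE)) {
    // Escape the plain text before the URL, then emit a link we built ourselves.
    out += escapeHtml(raw.slice(last, m.index));
    const href = escapeHtml(m[0]); // "&" in a query string becomes "&amp;"
    out += `<a href="${href}" rel="noopener noreferrer nofollow">${href}</a>`;
    last = m.index + m[0].length;
  }
  out += escapeHtml(raw.slice(last));
  // Line breaks are the only other markup added, and only after escaping.
  return out.replace(/\r?\n/g, '<br>');
}

// In a component (hypothetical usage):
//   <div v-html="renderUserText(comment.body)"></div>
```

The output is safe for `v-html` only because every tag in it was produced by `renderUserText`; binding the raw string alongside it would undo that.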