pageClass | sidebarDepth | title | description | since |
---|---|---|---|---|
rule-details | 0 | vue/no-v-html | disallow use of v-html to prevent XSS attack | v4.7.0 |
disallow use of v-html to prevent XSS attack
- ⚙️ This rule is included in all of `"plugin:vue/vue3-recommended"`, `*.configs["flat/recommended"]`, `"plugin:vue/recommended"` and `*.configs["flat/vue2-recommended"]`.
This rule reports all uses of the `v-html` directive in order to reduce the risk of injecting potentially unsafe / unescaped HTML into the browser, which can lead to Cross-Site Scripting (XSS) attacks.
```vue
<template>
  <!-- ✓ GOOD -->
  <div>{{ someHTML }}</div>

  <!-- ✗ BAD -->
  <div v-html="someHTML"></div>
</template>
```
This rule has no options.
If you are certain the content passed to `v-html` is sanitized HTML you can disable this rule.
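A review aid for that exception, added here as an example and not part of eslint-plugin-vue: it lists every `v-html` binding in a template and marks the ones where `vue/no-v-html` was suppressed by an ESLint directive comment, so each suppression can be checked against its sanitizer. `SAMPLE_SFC` and `auditVHtml` are names constructed for this example, and the line-based regex matching is an assumption that suits a review pass, not a template parser.

```javascript
// Added example: list v-html bindings and mark the suppressed ones for review.
const RULE = "vue/no-v-html";
const DIRECTIVE = /<!--\s*eslint-(disable-next-line|disable-line|disable|enable)\b(.*?)-->/g;
const V_HTML = /(?:^|\s)v-html\s*=\s*(["'])(.*?)\1/;

// Constructed sample component (not taken from any real project).
const SAMPLE_SFC = `<template>
  <div>
    <p>{{ title }}</p>
    <div v-html="rawComment"></div>
    <!-- eslint-disable-next-line vue/no-v-html -->
    <article v-html="sanitizedBody"></article>
    <span
      v-html="footnote"
    />
  </div>
</template>`;

// A directive with no rule list covers every rule, this one included.
function coversRule(ruleList) {
  const rules = ruleList.split(",").map((r) => r.trim()).filter(Boolean);
  return rules.length === 0 || rules.includes(RULE);
}

function auditVHtml(source) {
  const findings = [];
  let blockDisabled = false; // between eslint-disable and eslint-enable
  let nextLineDisabled = false; // set by eslint-disable-next-line
  source.split(/\r?\n/).forEach((text, i) => {
    let lineDisabled = nextLineDisabled;
    nextLineDisabled = false;
    for (const [, kind, rules] of text.matchAll(DIRECTIVE)) {
      if (!coversRule(rules)) continue;
      if (kind === "disable") blockDisabled = true;
      else if (kind === "enable") blockDisabled = false;
      else if (kind === "disable-line") lineDisabled = true;
      else nextLineDisabled = true;
    }
    const m = V_HTML.exec(text);
    if (m) {
      findings.push({ line: i + 1, expression: m[2], suppressed: blockDisabled || lineDisabled });
    }
  });
  return findings;
}

for (const f of auditVHtml(SAMPLE_SFC)) {
  console.log(`line ${f.line}: v-html="${f.expression}" suppressed=${f.suppressed}`);
}
```

Bindings reported with `suppressed=true` are the ones the linter no longer guards, so they are where a reviewer confirms the bound expression really is sanitized.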
This rule was introduced in eslint-plugin-vue v4.7.0