pageClass	sidebarDepth	title	description	since
rule-details	0	vue/no-v-html	disallow use of v-html to prevent XSS attack	v4.7.0

vue/no-v-html

disallow use of v-html to prevent XSS attack

⚙️ This rule is included in all of "plugin:vue/recommended", *.configs["flat/recommended"], "plugin:vue/vue2-recommended" and *.configs["flat/vue2-recommended"].

📖 Rule Details

This rule reports all uses of v-html directive in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.

<template>
  <!-- ✓ GOOD -->
  <div>{{ someHTML }}</div>

  <!-- ✗ BAD -->
  <div v-html="someHTML"></div>
</template>

🔧 Options

Nothing.

🔇 When Not To Use It

If you are certain the content passed to v-html is sanitized HTML you can disable this rule.

🚀 Version

This rule was introduced in eslint-plugin-vue v4.7.0

🔍 Implementation

Rule source
Test source

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

no-v-html.md

no-v-html.md

vue/no-v-html

📖 Rule Details

🔧 Options

🔇 When Not To Use It

🚀 Version

🔍 Implementation

Files

no-v-html.md

Latest commit

History

no-v-html.md

File metadata and controls

vue/no-v-html

📖 Rule Details

🔧 Options

🔇 When Not To Use It

🚀 Version

🔍 Implementation