I came to this article because I need to display raw HTML into a component in my app. The raw HTML is coming from vue-quill-editor and I display it with v-html. Unfortunately with the latest version of eslint, I'm getting the error: warning 'v-html' directive can lead to XSS attack vue/no-v-html.
Is there a better practice to render HTML without v-html with vuejs?
By the way, good article 👏
Hey Steeve! If you absolutely need to use v-html (which I understand you do), then you should look into sanitizing user input when it gets to the server. I can recommend this library I've been working with recently, if you're using Node server side then it might help! npmjs.com/package/sanitize-html
Hey Steeve. If you trust the data then you can happily use v-html. E.g. your data is coming from your own CMS.
I will take a look, thanks Nando :)