DEV Community

Discussion on: Should you care about XSS in Vue.js?

Steeve

I came to this article because I need to display raw HTML in a component in my app. The raw HTML is coming from vue-quill-editor and I display it with v-html. Unfortunately, with the latest version of ESLint, I'm getting the error: warning 'v-html' directive can lead to XSS attack vue/no-v-html.
Is there a better practice to render HTML without v-html with Vue.js?
By the way, good article 👏

phillygogo

Hey Steeve. If you trust the data then you can happily use v-html. E.g. your data is coming from your own CMS.

Nando Delgado

Hey Steeve! If you absolutely need to use v-html (which I understand you do), then you should look into sanitizing user input when it gets to the server. I can recommend this library I've been working with recently, if you're using Node server side then it might help! npmjs.com/package/sanitize-html

Steeve

I will take a look, thanks Nando :)