Adele
Reputation: 51
VueJS - sanitizing output to prevent cross-site scripting attacks
I'm new to VueJS. I start learning about the v-html directive.
My question is: how to sanitize output to prevent cross-site scripting attacks?
Upvotes: 3
Views: 3237
Answers (1)
SeyyedKhandon
Reputation: 6131
you can use https://www.npmjs.com/package/vue-sanitize for this kind of purposes, but consider that the attack surface may vary based on what you need and what you want to do with v-html, and there are alot of attack ways like add script running on img on error , base64 coded scripts and so on... so be carefull about using v-html.
Upvotes: 1
Related Questions
- Is v-html safe when outputting text?
- Vue.js XSS vulnerability
- Avoid Vue warn when using custom tags
- V-html only use for text, is it safe?
- Vuejs 3: Prevent compiling plain HTML-Tags
- Content Security Policy reject XSS attacks in v-html
- How to add CSP header (Content-Security-Policy) to vuejs app?
- Storing sensitive data in Vuex
- Vue is automatically escaping html characters
- How to handle sanitizing in JavaScript editors that allow formatting