disallow use of v-html to prevent XSS attack (vue/no-v-html)

  • ⚙️ This rule is included in "plugin:vue/recommended".

This rule reports use of the v-html directive in order to reduce the risk of injecting potentially unsafe, unescaped HTML into the browser, which can lead to Cross-Site Scripting (XSS) attacks.

📖 Rule Details

This rule reports all uses of v-html to help prevent XSS attacks.

This rule does not check syntax errors in directives because that is checked by the no-parsing-error rule.

👎 Examples of incorrect code for this rule:

<template>
    <div v-html="someHTML"></div>
</template>

👍 Examples of correct code for this rule:

<template>
    <div>{{someHTML}}</div>
</template>

🔧 Options

Nothing.

When Not To Use It

If you are certain the content passed to v-html is sanitized HTML, you can disable this rule.
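
For reviewing those exemptions, here is an added example (not part of eslint-plugin-vue or of this page): it lists every v-html binding in a template and marks the ones exempted with an `eslint-disable-next-line` comment, so the sanitization claim behind each exemption can be checked. The regex scan only approximates the rule's AST-based check, and the function name, sample template and binding names are constructed.

```javascript
// Added example: a regex approximation for auditing, not eslint-plugin-vue's
// AST-based rule. auditVHtml and the sample template below are constructed.
function auditVHtml(source) {
  const lines = source.split(/\r?\n/);
  // Blank out HTML comments (offsets preserved) so commented-out markup is skipped.
  const markup = source.replace(/<!--[\s\S]*?-->/g, (c) => c.replace(/[^\n]/g, " "));
  // Opening tags; quoted attribute values may contain '>' or newlines.
  const tagRe = /<([A-Za-z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const findings = [];
  let tag;
  while ((tag = tagRe.exec(markup)) !== null) {
    // Tokenize attributes so "v-html" inside another attribute's value is ignored.
    const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'))?/g;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      if (attr[1] !== "v-html") continue;
      const offset = tag.index + 1 + tag[1].length + attr.index;
      const line = markup.slice(0, offset).split("\n").length;
      // A disable comment on the previous line, bare or naming this rule, exempts the binding.
      const prev = /<!--\s*eslint-disable-next-line\b([^>]*?)-->/.exec(lines[line - 2] || "");
      const suppressed = !!prev && (prev[1].trim() === "" || prev[1].includes("vue/no-v-html"));
      findings.push({ line, tag: tag[1], expression: attr[2] ?? attr[3] ?? null, suppressed });
    }
  }
  return findings;
}

// Constructed sample template: two plain bindings, one exempted binding,
// one commented-out binding and one attribute value that merely mentions v-html.
const sample = [
  "<template>",
  "  <article>",
  '    <div v-html="comment.body"></div>',
  "    <!-- eslint-disable-next-line vue/no-v-html -->",
  '    <div class="md" v-html="sanitizedMarkdown"></div>',
  '    <!-- <p v-html="old"></p> -->',
  '    <p title="rendered with v-html elsewhere">{{ comment.author }}</p>',
  "    <section",
  '      v-html="footerHtml"',
  "    />",
  "  </article>",
  "</template>",
].join("\n");

for (const f of auditVHtml(sample)) {
  const status = f.suppressed ? "exempted, verify sanitization" : "reported by vue/no-v-html";
  console.log(`line ${f.line}: <${f.tag} v-html="${f.expression}"> ${status}`);
}
```
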

Related links