# vue/no-v-html
disallow use of v-html to prevent XSS attack
- ⚙️ This rule is included in
"plugin:vue/vue3-recommended"
and"plugin:vue/recommended"
.
# 📖 Rule Details
This rule reports all uses of v-html
directive in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.
<template>
<!-- ✓ GOOD -->
<div>{{ someHTML }}</div>
<!-- ✗ BAD -->
<div v-html="someHTML"></div>
</template>
# 🔧 Options
Nothing.
# 🔇 When Not To Use It
If you are certain the content passed to v-html
is sanitized HTML you can disable this rule.
# 📚 Further Reading
# 🚀 Version
This rule was introduced in eslint-plugin-vue v4.7.0