v-html attribute JS-0693

dynamicContent ? ['text-lg', 'sm:text-xl'] : '',
]"
@click="toPost"
v-html="purifiedContent /* skipcq: JS-0693 */"
></div>
<div
v-if="post.media"
It is recommended to use interpolation expressions instead of v-html, because interpolation prevents injection attacks such as XSS.
Injecting raw HTML is a feature available in any front-end framework, and websites use it when the server renders the HTML.
Interpolation expressions are recommended because the expression's value is stringified instead of being executed, unlike with v-html.
Not recommended:
<div v-html="someHTML"></div>
Recommended:
<div>{{ someHTML }}</div>
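The difference between the two bindings above, as an added example in plain JavaScript (a model of the two sinks, not Vue's code and not code from the scanned project). The function names and the sample value are assumptions made for illustration; the entity set used for the text path is that of a typical HTML escaper.

```javascript
// Model of the two sinks in plain JavaScript (no Vue, no DOM), for illustration.

// {{ value }}: the value is stringified and rendered as text. Modelled here by
// entity-encoding the markup-significant characters before serialization.
function renderInterpolation(value) {
  const text = String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
  return `<div>${text}</div>`;
}

// v-html="value": the string becomes the element's inner HTML, unchanged.
function renderVHtml(value) {
  return `<div>${String(value)}</div>`;
}

// Lists the tags and inline event-handler attributes found inside the wrapper
// <div>, i.e. markup that the value itself contributed to the page.
function markupIntroduced(rendered) {
  const inner = rendered.replace(/^<div>/, '').replace(/<\/div>$/, '');
  const tags = [...inner.matchAll(/<\s*([a-zA-Z][\w-]*)/g)]
    .map((m) => m[1].toLowerCase());
  const handlers = [...inner.matchAll(/<[^>]*?\s(on[a-z]+)\s*=/gi)]
    .map((m) => m[1].toLowerCase());
  return { tags, handlers };
}

// Constructed sample value standing in for content the application does not control.
const someHTML = '<img src="x" onerror="alert(1)"> & <b>bold</b>';

const asText = renderInterpolation(someHTML);
const asHtml = renderVHtml(someHTML);

// The interpolated form contributes no elements; the v-html form contributes
// two tags and one inline event handler.
console.log(asText, markupIntroduced(asText));
console.log(asHtml, markupIntroduced(asHtml));
```
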