Use interpolation expressions instead of the
v-html attribute JS-0693'v-html' directive can lead to XSS attack
17</script>
18
19<template>
20 <div class="vp-doc" v-html="content"></div>21</template>
22
23<style scoped>
Description
It is recommended to use interpolation expressions instead of using v-html as it prevents injection attacks like XSS.
Injecting HTML is a feature available to any front-end framework and used by websites when the server renders HTML.
Using interpolation expressions is recommended as expression here gets stringified instead of getting executed, unlike in v-html
Bad Practice
<div v-html="someHTML"></div>
Recommended
<div>{{ someHTML }}</div>