v-html attribute JS-0693
@click="functionCall"
v-bind:foo="'bar'"
:class="[{ 'foo': isFoo }, { 'bar': isBar }]"
v-html="someHTML"
>
<div v-for="item in navItems">{{item.name}}</div>
</div>
It is recommended to use interpolation expressions instead of v-html, as this prevents injection attacks like XSS.
Injecting HTML is a feature available to any front-end framework and used by websites when the server renders HTML.
Interpolation expressions are recommended because the expression's value is stringified instead of being executed, unlike with v-html.
Not recommended:
<div v-html="someHTML"></div>
Recommended:
<div>{{ someHTML }}</div>
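A check for this pattern can be sketched as a small template scanner. This is an added example, not the analyzer's own implementation: the function name findVHtml and the SAMPLE template are constructed here, and the regex-based tag parsing is a simplification that assumes well-formed templates.

```javascript
// Added example: report every v-html directive in a Vue template string.
// SAMPLE is constructed for illustration, modelled on the snippet above.
const SAMPLE = [
  '<template>',
  '  <div',
  '    @click="functionCall"',
  '    :class="[{ \'foo\': isFoo }]"',
  '    v-html="someHTML"',
  '  >',
  '  </div>',
  '  <!-- <p v-html="ignored"></p> -->',
  '  <p title="v-html=\'x\' is discouraged">{{ someHTML }}</p>',
  '</template>',
].join('\n');

function findVHtml(source) {
  const findings = [];
  // Blank out HTML comments, keeping newlines so line numbers stay accurate.
  const cleaned = source.replace(/<!--[\s\S]*?-->/g, (c) => c.replace(/[^\n]/g, ' '));
  // An opening tag, possibly spanning several lines; quoted values may contain '>'.
  const tagRe = /<([A-Za-z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;
  // One attribute at a time, consuming its quoted value so that text inside
  // a value (e.g. title="v-html=...") is never mistaken for a directive.
  const attrRe = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let tag;
  while ((tag = tagRe.exec(cleaned)) !== null) {
    const attrsStart = tag.index + 1 + tag[1].length;
    attrRe.lastIndex = 0;
    let attr;
    while ((attr = attrRe.exec(tag[2])) !== null) {
      if (attr[1] !== 'v-html') continue;
      const offset = attrsStart + attr.index;
      findings.push({
        line: cleaned.slice(0, offset).split('\n').length,
        tag: tag[1],
        expression: attr[2] ?? attr[3] ?? attr[4] ?? null,
      });
    }
  }
  return findings;
}

for (const f of findVHtml(SAMPLE)) {
  console.log(`line ${f.line}: <${f.tag}> renders "${f.expression}" as raw HTML via v-html`);
}
```

The scanner reports the multi-line <div> and skips both the commented-out tag and the title attribute whose value merely mentions v-html.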