# vue/no-v-html

disallow use of v-html to prevent XSS attack

  • ⚙️ This rule is included in "plugin:vue/vue3-recommended" and "plugin:vue/recommended".

# 📖 Rule Details

This rule reports all uses of v-html directive in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.

<template> <!-- ✓ GOOD --> <div>{{ someHTML }}</div> <!-- ✗ BAD --> <div v-html="someHTML"></div> </template>
Now loading...

# 🔧 Options

Nothing.

# 🔇 When Not To Use It

If you are certain the content passed to v-html is sanitized HTML you can disable this rule.

# 📚 Further Reading

# 🚀 Version

This rule was introduced in eslint-plugin-vue v4.7.0

# 🔍 Implementation

Last Updated: 12/24/2020, 2:51:18 AM