JavaScript

Made by DeepSource

Use interpolation expressions instead of the v-html attribute JS-0693

Security
Major
a03 owasp top 10 vue

Use interpolation expressions instead of v-html, as this prevents injection attacks such as XSS.

Injecting HTML is a feature available in any front-end framework and is used by websites when the server renders HTML. Interpolation expressions are recommended because the expression's value is stringified rather than executed, unlike with v-html.

Bad Practice

<div v-html="someHTML"></div>

Recommended

<div>{{ someHTML }}</div>
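
To locate existing v-html bindings in a code base, the check this rule describes can be approximated with a short script. This is an added example, not DeepSource's implementation; findVHtml, V_HTML_ATTR and the sample component are constructed for illustration.

```javascript
// Added example: report v-html bindings in Vue template source.
// findVHtml, V_HTML_ATTR and SAMPLE are constructed for illustration.

// A v-html="..." or v-html='...' attribute preceded by whitespace.
const V_HTML_ATTR = /\sv-html\s*=\s*(?:"([^"]*)"|'([^']*)')/g;

function findVHtml(source) {
  // In a single-file component, inspect only the <template> block so that
  // a "v-html" string inside <script> is not reported.
  const tpl = /<template[^>]*>([\s\S]*)<\/template>/.exec(source);
  const offset = tpl ? tpl.index + tpl[0].indexOf('>') + 1 : 0;
  // Blank out HTML comments, keeping newlines so line numbers stay correct.
  const body = (tpl ? tpl[1] : source).replace(/<!--[\s\S]*?-->/g, (c) =>
    c.replace(/[^\n]/g, ' '));
  const findings = [];
  for (const m of body.matchAll(V_HTML_ATTR)) {
    const expression = m[1] !== undefined ? m[1] : m[2];
    // +1 skips the leading whitespace character matched by \s.
    const line = source.slice(0, offset + m.index + 1).split('\n').length;
    findings.push({ line, expression, suggestion: `{{ ${expression} }}` });
  }
  return findings;
}

// Constructed single-file component used as sample input.
const SAMPLE = `<template>
  <div>
    <!-- <p v-html="oldBio"></p> -->
    <p v-html="user.bio"></p>
    <p>{{ user.bio }}</p>
    <span
      v-html='comment.body'></span>
  </div>
</template>
<script>
export default { data: () => ({ note: ' v-html="x"' }) };
</script>`;

console.log(findVHtml(SAMPLE));
```

The regex only sees template markup, so HTML injected through render functions is outside what it reports.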
