12Şub
Vue HTML escape
I have done a code scan and fail to understand whether there is a real problem. For both cases I get "Vue HTML escaping is disabled.".
- Case 1:
<a :href="return.url">
doesn't this simply embed the value ofreturn.url
? Is this vulnerable to a XSS? - Case 2:
<span v-html="htmlTemp">
I read in the Vue.js documentation thatv-html
is potentially dangerous.
How would I mitigate it?