Replies: 2 comments
-
If you look in the component reference doc sections, it says
Yes, {{ }} Is safe from xss as it will not render as html |
Beta Was this translation helpful? Give feedback.
-
Why are you concerning yourself with the usage of v-html in the docs? Few elements have the ability to use an html prop. Each instance has a heavy note about their usage https://bootstrap-vue.org/docs/components/carousel#props . Unless there is a serious security issue with bootstrap-vue, the duty to have a secure app falls on the implementer. |
Beta Was this translation helpful? Give feedback.
-
Hello,
Am I safe using bootstrap-vue concerning XSS atacks?
https://github.com/bootstrap-vue/bootstrap-vue/search?q=v-html shows bootstrap uses v-html but is that a problem?
Is it a problem only if I use bootstrap components who use v-html or is it a problem even if I don't use one?
Finally, is using
{{ myContent }}
fixing the issue if I use a bootstrap-vue component who use v-html itself?Thank you
Beta Was this translation helpful? Give feedback.
All reactions