A Vue directive which renders sanitised HTML dynamically. Zero dependencies, compatible with Vue versions 3 and 2, TypeScript-ready.
Note: This library is not XSS-safe, but only strips tags programmatically.
Install package:
npm install vue-safe-html
# OR
yarn add vue-safe-htmlUse the plugin:
import Vue from 'vue';
import VueSafeHTML from 'vue-safe-html';
Vue.use(VueSafeHTML);In your component:
<template>
<div v-safe-html="myUnsafeHTML">
</template>export default {
computed: {
myUnsafeHTML() {
return '<script>oh my!</script> I am safe!';
}
}
}Renders to:
<div>I am safe!</div>Array of strings. Default: ['a', 'b', 'br', 'strong', 'i', 'em', 'mark', 'small', 'del', 'ins', 'sub', 'sup'].
Customize the tags that are allowed to be rendered, either by providing new ones:
Vue.use(VueSafeHTML, {
allowedTags: ['marquee', 'blockquote'],
});Or extending the default ones:
import VueSafeHTML, { allowedTags } from 'vue-safe-html';
Vue.use(VueSafeHTML, {
allowedTags: [...allowedTags, 'marquee', 'blockquote'],
});If no tags are passed, all tags are stripped:
import VueSafeHTML from 'vue-safe-html';
Vue.use(VueSafeHTML, {
allowedTags: [],
});It is also possible to provide custom allowed tags directly to the directive tag, using directive modifiers. This allows local override of the option:
<template>
<!-- only allow p and strong tags -->
<div v-safe-html.p.strong="myUnsafeHTML">
</template>Array of strings. Default: []
Customize the tag attributes that are allowed to be rendered:
Vue.use(VueSafeHTML, {
allowedTags: ['a'],
allowedAttributes: ['title', 'class', 'href'],
});vue-safe-html is written as a Vue plugin so you can easily use it inside Nuxt by following the Nuxt documentation.