Complete Vue.js 2 Web Development: Practical guide to building end-to-end web development solutions with Vue.js 2

Vue Communicates with the Internet Chapter 14

How it works...


To prevent XSS attacks, you must ensure that no user input can appear as code in your app.


This means you must be very careful about using the v-html attribute (the Output raw HTML recipe).
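
As an added illustration (not code from the book), the JavaScript below models what happens to the same user-supplied string when it is rendered through v-html versus text interpolation, and includes a small review helper that lists every v-html binding in a template. The function names, the sample comment and the sample template are constructed for this example; it runs in Node without Vue or a DOM.

```javascript
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Models the effect of {{ }} interpolation: markup characters become inert text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Models v-html: the string is placed into the page as markup, unchanged.
function renderAsHtml(userInput) {
  return '<p>' + userInput + '</p>';
}

// Models {{ userInput }}: the same string is shown as text.
function renderAsText(userInput) {
  return '<p>' + escapeHtml(userInput) + '</p>';
}

// Review aid: list every v-html binding in a template so each one can be
// checked for whether its expression can ever hold user input.
function findVHtmlBindings(template) {
  const findings = [];
  template.split('\n').forEach((line, index) => {
    const pattern = /\bv-html\s*=\s*(["'])(.*?)\1/g;
    let match;
    while ((match = pattern.exec(line)) !== null) {
      findings.push({ line: index + 1, expression: match[2] });
    }
  });
  return findings;
}

// Constructed sample input: a comment carrying an event-handler attribute.
const sampleComment = '<img src="x" onerror="alert(1)">';

// Constructed sample template for a hypothetical comment component.
const sampleTemplate = [
  '<div>',
  '  <h2>{{ title }}</h2>',
  '  <div v-html="comment.body"></div>',
  '  <p>{{ comment.author }}</p>',
  '</div>',
].join('\n');

console.log(renderAsHtml(sampleComment)); // markup survives: the browser would parse it
console.log(renderAsText(sampleComment)); // markup neutralised: shown as plain text
console.log(findVHtmlBindings(sampleTemplate));
```
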


Unfortunately, you can't control what happens outside your page. If one of your users receives a fake e-mail that contains a link that corresponds to an action in your application, clicking on the link in the e-mail will trigger the action.


Let's look at a concrete example: you developed a bank app, VueBank, and a user of your app receives the following fake e-mail:


Hello user!
Click here to read the latest news.