Vue Communicates with the Internet Chapter 14
How it works...
To prevent XSS attacks, you must ensure that no user input can appear as code in your app.
This means you must be very careful about using the v-html attribute (the Output raw
HTML recipe).
Unfortunately, you can't control what happens outside your page. If one of your users
receives a fake e-mail that contains a link that corresponds to an action in your application,
clicking on the link in the e-mail will trigger the action.
Let's make a concrete example; you developed a bank app, VueBank, and a user of your app
receives the following fake e-mail:
Hello user!
Click here to read the latest news.