Comments (3)
Basically, using `v-html` is a security risk. Instead, you have the option to build your own layout, even copying the default layout, with the modification that you will output the text using `v-html`. By default, I do not support integrating `v-html` into a package in any way.
Using `v-html` is safe or not? - StackOverflow Question
More information from `v-html` - Vue 3 Docs
Warning
Dynamically rendering arbitrary HTML on your website can be very dangerous because it can easily lead to XSS vulnerabilities. Only use `v-html` on trusted content and never on user-provided content.
(from Vue 3 Docs)
What I mean is, you can use `v-html` to render any html that comes from you. If the html comes from the user, don't use `v-html`.
StackOverflow - Vince
Oct 3, 2019 at 3:33
If a developer needs this functionality, they should only be provided with the opportunity to use it. The `<slot>` and `<template>` elements are precisely designed for this purpose. See my example.
How to set Custom UI - v-onboarding docs
```html
<VOnboardingWrapper ref="wrapper" :steps="steps">
  <template #default="{ previous, next, step, exit, isFirst, isLast, index }">
    <VOnboardingStep>
      <div class="bg-white shadow sm:rounded-lg">
        <div class="px-4 py-5 sm:p-6">
          <div class="sm:flex sm:items-center sm:justify-between">
            <div v-if="step.content">
              <h3 v-if="step.content.title" class="text-lg font-medium leading-6 text-gray-900">{{ step.content.title }}</h3>
              <div v-if="step.content.description" class="mt-2 max-w-xl text-sm text-gray-500">
                <div v-html="step.content.description" /> <!-- Added description HERE (instead of {{ step.content.description }} using) -->
              </div>
            </div>
            <div class="mt-5 space-x-4 sm:mt-0 sm:ml-6 sm:flex sm:flex-shrink-0 sm:items-center relative">
              <span class="absolute right-0 bottom-full mb-2 mr-2 text-gray-600 font-medium text-xs">{{ `${index + 1}/${steps.length}` }}</span>
              <template v-if="!isFirst">
                <button @click="previous" type="button" class="inline-flex items-center justify-center rounded-md border border-transparent bg-yellow-100 px-4 py-2 font-medium text-yellow-700 hover:bg-yellow-200 focus:outline-none focus:ring-2 focus:ring-yellow-500 focus:ring-offset-2 sm:text-sm">Previous</button>
              </template>
              <button @click="next" type="button" class="inline-flex items-center rounded-md border border-transparent bg-indigo-600 px-4 py-2 font-medium text-white shadow-sm hover:bg-indigo-700 focus:outline-none focus:ring-2 focus:ring-indigo-500 focus:ring-offset-2 sm:text-sm">{{ isLast ? 'Finish' : 'Next' }}</button>
            </div>
          </div>
        </div>
      </div>
    </VOnboardingStep>
  </template>
</VOnboardingWrapper>
```
Let there be no misunderstanding, I am not against using `v-html`, but packages should prioritize security to protect developers from potential issues if they are not burdened with such complexities by default. While I can imagine supporting `v-html`, it should be done through a boolean option.
Although thanks to `<slot>`, there is currently the possibility to customize the appearance of the steps, so one could say that it would be an unnecessary innovation.
from v-onboarding.
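Added example, not part of the comment above and not v-onboarding's own code: one way the "boolean option" idea could fail closed, so a step description is emitted as raw HTML only when the developer opts in and also supplies a sanitizer. The names `resolveDescription`, `allowHtml`, `sanitize` and `demoSanitizer` are hypothetical, and the sample steps are constructed.

```javascript
// Hypothetical helper (not v-onboarding's API): decides whether a step
// description is bound as text ({{ }}) or as HTML (v-html).
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Models what {{ }} interpolation does: markup is displayed as text, never parsed.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

function resolveDescription(step, options = {}) {
  const { allowHtml = false, sanitize } = options;
  const description = String(step?.content?.description ?? '');
  // Fail closed: without an explicit opt-in AND a sanitizer, stay on the text path.
  if (allowHtml !== true || typeof sanitize !== 'function') {
    return { mode: 'text', markup: escapeHtml(description) };
  }
  return { mode: 'html', markup: sanitize(description) };
}

// Constructed sample steps: the first is developer-authored markup,
// the second carries user-provided text that contains an event handler.
const steps = [
  { content: { title: 'Welcome', description: 'Press <b>Next</b> to continue.' } },
  { content: { title: 'Profile', description: 'Hi <img src=x onerror=alert(1)>' } },
];

// Stand-in for this demo only: removes every tag. In an application pass a
// maintained sanitizer (for example DOMPurify.sanitize), not a regex.
const demoSanitizer = (html) => html.replace(/<[^>]*>/g, '');

function demo() {
  return steps.map((step) => ({
    byDefault: resolveDescription(step),
    optedIn: resolveDescription(step, { allowHtml: true, sanitize: demoSanitizer }),
    noSanitizer: resolveDescription(step, { allowHtml: true }),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

In a slot template, `mode` would select between `{{ }}` and `v-html` for the binding; the escaped `markup` on the text path only illustrates what interpolation already does.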
At the moment I am using slot to change this, but if you add a change of this in the options to step I will be grateful to you)
🎉 This issue has been resolved in version 2.7.0 🎉
The release is available on: