@dobbel thanks for the article.
According to the article, seem there are lot things to do to prevent xss attack.
Still not convincing enough.
for eg from the article recommendation:

Go through every line of code to ensure you do not have XSS vulnerabilities.

Even I can do this, but still might have vulnerabilities in Quasar, or even Vue itself. and also might overlook the vulnerabilities as well.
All this seem not piratical to do in real life.