Sanitizing labels, preventing XSS attacks



  • I noticed the following inside the select component:

    IMPORTANT
    Starting with Quasar v0.17.10+, please make sure the labels are sanitized, otherwise your app might be a target for XSS attacks.

    Should we sanitize absolutely ALL labels … or only the labels for the select component? Or only the labels resulting from or related to user input?

    What is the best approach to do it? E.g. something like

    npm install sanitize-html

    import Vue from 'vue';
    import sanitizeHTML from 'sanitize-html';
    // Expose the sanitizer on every component instance as this.$sanitize
    Vue.prototype.$sanitize = sanitizeHTML;
    

    etc…



  • It’s related to user input and for the option labels, as I understand it.

    Scott
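
An added example, not part of the original posts and not Quasar's own code: one way to neutralize option labels that come from user input before they are handed to a select component. It uses plain HTML escaping instead of the sanitize-html package mentioned in the question; the function names, the `label`/`value` option shape and the sample data are assumptions made for illustration.

```javascript
// Added example: escape user-supplied option labels before they reach a
// component that renders labels as HTML. Names and fields are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
  '`': '&#96;'
};

// Turn any value into text that is inert when inserted as HTML.
function escapeLabel(value) {
  if (value === null || value === undefined) return '';
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Return copies of the options with the given text fields escaped.
// Other fields (value, icon, ...) are passed through untouched.
function sanitizeOptions(options, fields = ['label']) {
  if (!Array.isArray(options)) {
    throw new TypeError('options must be an array');
  }
  return options.map((opt) => {
    const clean = Object.assign({}, opt);
    for (const field of fields) {
      if (field in clean) clean[field] = escapeLabel(clean[field]);
    }
    return clean;
  });
}

// Constructed sample: option labels taken from user-entered data.
const userOptions = [
  { label: 'Alice & Bob', value: 1 },
  { label: '<img src=x onerror="alert(1)">', value: 2 },
  { label: 42, value: 3 }
];

const safeOptions = sanitizeOptions(userOptions);
console.log(safeOptions);
```

Apply the escaping once, at the point where user data is turned into options, so labels are not escaped twice. If some labels must keep intentional markup, an allowlist sanitizer such as sanitize-html is the alternative to escaping everything.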