Sanitizing labels, preventing XSS attacks
i noticed inside the select component the following :
Starting with Quasar v0.17.10+, please make sure the labels are sanitized, otherwise your app might be a target for XSS attacks.
should we sanitize absolutely ALL labels … or only the labels for select component ? Or only the labels resulting or related to user input
what is the best approach to do it ?.. e.g. something like
npm install sanitize-html
import sanitizeHTML from 'sanitize-html'; Vue.prototype.$sanitize = sanitizeHTML
s.molinari last edited by
It’s related to user input and for the option labels, as I understand it.