Sanitizing labels, preventing XSS attacks

  • I noticed the following inside the select component:

    Starting with Quasar v0.17.10+, please make sure the labels are sanitized, otherwise your app might be a target for XSS attacks.

    Should we sanitize absolutely ALL labels … or only the labels for the select component? Or only the labels resulting from or related to user input?

    What is the best approach to do it? E.g. something like:

    npm install sanitize-html

    import Vue from 'vue';
    import sanitizeHTML from 'sanitize-html';
    // Expose the sanitizer on every component instance as this.$sanitize
    Vue.prototype.$sanitize = sanitizeHTML;


  • It’s related to user input and for the option labels, as I understand it.
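
An added example, not part of the original thread and not Quasar's own code: user-supplied text is escaped before it becomes an option label, while developer-written labels pass through unchanged. It assumes option labels are rendered as HTML, as the quoted warning implies, and uses plain HTML escaping instead of the sanitize-html package so it runs without dependencies; `escapeHtml`, `toSafeOptions` and the `trusted` flag are hypothetical names.

```javascript
// Added example: make user-supplied text safe before it becomes a select option label.
// escapeHtml, toSafeOptions and the `trusted` flag are hypothetical, not Quasar APIs.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

// Replace every character that can start a tag, an attribute value or an entity.
// null/undefined become an empty string instead of the text "null"/"undefined".
function escapeHtml (value) {
  const text = value == null ? '' : String(value);
  return text.replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Build { label, value } options. Labels are escaped by default; only labels
// explicitly marked trusted (written by the developer) keep their markup.
function toSafeOptions (items) {
  return items.map(item => ({
    value: item.value,
    label: item.trusted === true ? item.label : escapeHtml(item.label)
  }));
}

// Constructed sample data: one developer-written label, two user-supplied ones.
const sampleItems = [
  { value: 1, label: '<b>Administrators</b>', trusted: true },
  { value: 2, label: 'Tom & Jerry' },
  { value: 3, label: '<img src=x onerror=alert(1)>' }
];

const safeOptions = toSafeOptions(sampleItems);
console.log(safeOptions);
```

Escaping by default and opting in to markup keeps a forgotten flag from turning into an injection point. If user-supplied labels must keep some formatting, replace `escapeHtml` with an allow-list sanitizer such as the one proposed in the question.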

