An example of client-side template injection with Vue.js
This is not a problem with Vue itself.
For more details, see the following issue.
XSS Payload
Example: Client-Side Template Injection with Vue
Home Page: https://vue-client-side-template-injection-example.azu.now.sh/?name=test
Hello, I know this is relatively old, but this repo is being used by some "security researchers" as evidence of Vue being "insecure" when the vulnerability itself actually isn't a Vue-induced problem.
For the injection to work, this repro is directly inlining unsanitized user input in raw HTML. This practice itself already allows any attacker to inject anything they want without any JavaScript framework being involved. Since the HTML will be evaluated before Vue even gets to process it, the vulnerability is fundamentally caused by the practice of rendering unsanitized HTML (which any competent dev should know to avoid), not by using Vue.
Vue docs also explicitly discourage users from doing this - related info: https://vuejs.org/guide/best-practices/security.html#rule-no-1-never-use-non-trusted-templates
This repo can still serve as an example of what not to do - but please include the above clarification in the README.
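The practice described in the comment above, next to a version that keeps user input out of the markup Vue compiles. This is an added example, not code from the repository; `renderUnsafe`, `renderSafe`, `jsonForScript` and the `state` element id are assumed names, and the client-side lines in the closing comment assume the Vue 3 global build.

```javascript
// Added example (not the repository's code): server-side page rendering for a
// ?name= query parameter, before and after the fix.

// Serialize data for a <script type="application/json"> block. "<" is written
// as \u003c so a value can never close the script element or open a tag.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/</g, "\\u003c");
}

// BEFORE: user input is concatenated into the element Vue mounts on, so it
// becomes part of the page's HTML and of the template Vue compiles.
function renderUnsafe(name) {
  return `<div id="app"><h1>Hello ${name}</h1></div>`;
}

// AFTER: the template is a fixed string. The value travels as data only, and
// Vue renders it through text interpolation, never as markup or template code.
function renderSafe(name) {
  return [
    '<div id="app"><h1>Hello {{ name }}</h1></div>',
    `<script id="state" type="application/json">${jsonForScript({ name })}</script>`,
  ].join("\n");
}

// Client-side counterpart (assumed, runs in the browser):
//   const state = JSON.parse(document.getElementById("state").textContent);
//   Vue.createApp({ data: () => state }).mount("#app");

// Constructed sample values containing markup and template delimiters.
const SAMPLES = ["test", "<b>x</b>", "{{ 1 + 1 }}", "</script><i>"];
for (const s of SAMPLES) {
  const templateLine = renderSafe(s).split("\n")[0];
  console.log(JSON.stringify(s), "-> template unchanged:",
    templateLine === '<div id="app"><h1>Hello {{ name }}</h1></div>');
}
```

With `renderSafe`, the markup inside `#app` is byte-for-byte identical for every request, which is also an easy property to assert in a regression test.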