Create predefined configuration templates for v-safe-html
Proposal
Go through v-safe-html usages in the codebase and look for opportunities to create pre-defined templates for the used configuration. For example, helpText would just require the anchor tags with href and rel attributes.
Why
While the default config aims to protect against all possible XSS issues we come across, we must try to restrict our v-safe-html usages to allow only the required tags / attributes. This would safeguard against HTML injection issues.
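A sketch of what such templates and a usage audit could look like, added here as an example and not taken from GitLab's code. It assumes v-safe-html forwards its config to DOMPurify (ALLOWED_TAGS and ALLOWED_ATTR are DOMPurify options); the template names, the `emphasis` template and the helper functions are hypothetical.

```javascript
// Added example, not GitLab's code. Assumes v-safe-html forwards its config to
// DOMPurify; ALLOWED_TAGS / ALLOWED_ATTR are DOMPurify option names.
// Template names are hypothetical; only "helpText" is described in the issue.
const SAFE_HTML_TEMPLATES = Object.freeze({
  // Hypothetical: inline emphasis only, no attributes at all.
  emphasis: Object.freeze({ ALLOWED_TAGS: ['code', 'em', 'strong'], ALLOWED_ATTR: [] }),
  // From the issue: help text needs only anchors with href and rel.
  helpText: Object.freeze({ ALLOWED_TAGS: ['a'], ALLOWED_ATTR: ['href', 'rel'] }),
});

// Inventory the tags and attributes used in developer-authored markup
// (for example a translated help string). This is an audit aid for choosing
// a template, not a sanitizer: it never rewrites or cleans the input.
function inventory(markup) {
  const tags = new Set();
  const attrs = new Set();
  const tagRe = /<([a-zA-Z][a-zA-Z0-9-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  for (const [, tag, rest] of markup.matchAll(tagRe)) {
    tags.add(tag.toLowerCase());
    for (const [, name] of rest.matchAll(attrRe)) attrs.add(name.toLowerCase());
  }
  return { tags: [...tags].sort(), attrs: [...attrs].sort() };
}

// Report what a usage needs beyond a given template.
function auditAgainst(markup, template) {
  const { tags, attrs } = inventory(markup);
  return {
    extraTags: tags.filter((t) => !template.ALLOWED_TAGS.includes(t)),
    extraAttrs: attrs.filter((a) => !template.ALLOWED_ATTR.includes(a)),
  };
}

// Return the first (narrowest) template that covers the usage, or null when
// none fits and the usage needs review before picking any config.
function pickTemplate(markup) {
  for (const [name, template] of Object.entries(SAFE_HTML_TEMPLATES)) {
    const { extraTags, extraAttrs } = auditAgainst(markup, template);
    if (extraTags.length === 0 && extraAttrs.length === 0) return name;
  }
  return null;
}

// Constructed sample strings, not taken from the GitLab codebase.
const helpSample = 'Read the <a href="https://docs.example.com/help" rel="noopener noreferrer">docs</a>.';
const widerSample = '<a href="https://docs.example.com" target="_blank">docs</a>';
console.log(pickTemplate(helpSample), auditAgainst(widerSample, SAFE_HTML_TEMPLATES.helpText));
```

A usage that returns null, such as the sample with a target attribute, is one to review by hand: either the markup can be trimmed to fit a template or it justifies a new, explicitly named one.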