interview-answe icon indicating copy to clipboard operation
interview-answe copied to clipboard

Published 20 hours ago verified publisher icon weekCodeing

201.[vue]v-html 的使用可能出现的问题

Open webVueBlog opened this issue 5 years ago • 1 comments

[vue]

webVueBlog avatar Apr 21 '20 01:04 webVueBlog

导致 xss 攻击

<input v-model='msg'>
<div v-html='msg'></div>

用户的输入内容是不可靠的,比如输入:

<img src='' onerror='alert(1)'> 会弹出对话框

解决方法:①输入框增加验证规则②使用 Unicode 编码转移字符 会替换子元素的内容

webVueBlog avatar Apr 21 '20 01:04 webVueBlog