astro/no-set-html-directive

disallow use of set:html to prevent XSS attacks

📖 Rule Details

This rule reports every use of set:html. The directive inserts its value into the page as unescaped HTML, so passing potentially unsafe content to it can lead to Cross-Site Scripting (XSS) attacks in the browser.
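
The following component is an added illustration, not taken from the plugin's own documentation, of what the rule reports and the escaped alternative it leaves alone. The `bio` query parameter and the markup are constructed for the example.

```astro
---
// Constructed example: `bio` comes from the query string, so it is untrusted input.
const bio = Astro.url.searchParams.get('bio') ?? '';
---

<!-- Reported by astro/no-set-html-directive: the value is rendered as raw HTML -->
<div set:html={bio} />
<Fragment set:html={bio} />

<!-- Not reported: a plain expression is HTML-escaped by Astro before rendering -->
<div>{bio}</div>
```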

🔧 Options

Nothing.

🔇 When Not To Use It

If you are certain the content passed to set:html is sanitized HTML, you can disable this rule.

📚 Further Reading

🚀 Version

This rule was introduced in eslint-plugin-astro v0.2.0.

🔍 Implementation


