astro/no-set-html-directive
disallow use of set:html to prevent XSS attack
📖 Rule Details
This rule reports all uses of set:html in order to reduce the risk of injecting potentially unsafe or unescaped HTML into the browser, which can lead to Cross-Site Scripting (XSS) attacks.
---
/* eslint astro/no-set-html-directive: "error" */
---
{/* ✓ GOOD */}
<p>{foo}</p>
<p set:text={foo} />
{/* ✗ BAD */}
<p set:html={foo} />
🔧 Options
Nothing.
🔇 When Not To Use It
If you are certain the content passed to set:html is sanitized HTML, you can disable this rule.
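One way to keep that exception narrow, shown as an added example that is not part of the plugin's documentation: a single wrapper component is the only file where the rule is turned off, and it sanitizes its input against an allowlist before handing it to set:html. The component name SafeHtml.astro, the html prop and the choice of the sanitize-html npm package are assumptions made for this illustration.

```astro
---
/* eslint astro/no-set-html-directive: "off" */
// SafeHtml.astro (hypothetical name): the only file where the rule is disabled.
// Every other component keeps the rule at "error" and renders untrusted
// markup through this wrapper instead of using set:html directly.
import sanitizeHtml from "sanitize-html"; // assumed dependency, not mentioned on the page

interface Props {
  html: string; // untrusted or semi-trusted markup, e.g. from a CMS field
}
const { html } = Astro.props;

// Allowlist only: anything not named here (script, style, iframe, on* handlers,
// javascript: URLs) is dropped by the sanitizer rather than passed through.
const clean = sanitizeHtml(html, {
  allowedTags: ["p", "br", "strong", "em", "ul", "ol", "li", "a", "code", "pre"],
  // "rel" must be allowed here, otherwise the attribute added below is stripped.
  allowedAttributes: { a: ["href", "rel"] },
  allowedSchemes: ["http", "https", "mailto"],
  transformTags: {
    // Force rel on every link so user-supplied anchors cannot omit it.
    a: sanitizeHtml.simpleTransform("a", { rel: "noopener noreferrer" }),
  },
});
---
<div set:html={clean} />
```

Because the rule is off for the whole file, keep the wrapper limited to this one set:html use so nothing else in it escapes linting.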
🚀 Version
This rule was introduced in eslint-plugin-astro v0.2.0