We have an XSS blacklist that we run on content created in our app before we save and display it with
Which was great until we had to support 3rd-party content, which may have any HTML in it and which we can't validate until we display it.
What’s the best practice of pre-formatting/parsing/converting/stripping HTML at runtime to safe-HTML that won’t
- break our layout (static widths and heights)
- contain outside links in HTML (except for an <a href> that may be a part of the document)
- anything malicious
Does anyone know of a plugin/mixin, something along the lines of v-make-html-safe?