Nuxt/docs/3.api/2.composables/use-head-safe.md

---
title: useHeadSafe
description: The recommended way to provide head data with user input.
links:
  - label: Source
    icon: i-simple-icons-github
    to: https://github.com/unjs/unhead/blob/main/packages/vue/src/composables.ts
    size: xs
---

The `useHeadSafe` composable is a wrapper around the [`useHead`](/docs/api/composables/use-head) composable that restricts the input to only allow safe values.

## Usage

You can pass all the same values as [`useHead`](/docs/api/composables/use-head)

```ts
useHeadSafe({
  script: [
    { id: 'xss-script', innerHTML: 'alert("xss")' }
  ],
  meta: [
    { 'http-equiv': 'refresh', content: '0;javascript:alert(1)' }
  ]
})
// Will safely generate
// <script id="xss-script"></script>
// <meta content="0;javascript:alert(1)">
```

::read-more{to="https://unhead.unjs.io/usage/composables/use-head-safe" target="_blank"}
Read more on `unhead` documentation.
::

## Type

```ts
useHeadSafe(input: MaybeComputedRef<HeadSafe>): void
```

The list of allowed values is:

```ts
const WhitelistAttributes = {
  htmlAttrs: ['class', 'style', 'lang', 'dir'],
  bodyAttrs: ['class', 'style'],
  meta: ['name', 'property', 'charset', 'content', 'media'],
  noscript: ['textContent'],
  style: ['media', 'textContent', 'nonce', 'title', 'blocking'],
  script: ['type', 'textContent', 'nonce', 'blocking'],
  link: ['color', 'crossorigin', 'fetchpriority', 'href', 'hreflang', 'imagesrcset', 'imagesizes', 'integrity', 'media', 'referrerpolicy', 'rel', 'sizes', 'type'],
}
```

See [SafeInputPlugin](https://github.com/unjs/unhead/blob/main/packages/unhead/src/plugins/safe.ts) for more detailed types.
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00			`---`
docs: update to new website (#23743) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Daniel Roe <daniel@roe.dev> 2023-10-18 10:59:43 +00:00			`title: useHeadSafe`
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00			`description: The recommended way to provide head data with user input.`
docs: update to new website (#23743) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Daniel Roe <daniel@roe.dev> 2023-10-18 10:59:43 +00:00			`links:`
			`- label: Source`
			`icon: i-simple-icons-github`
doc: broken links 2025-01-21 06:07:34 +00:00			`to: https://github.com/unjs/unhead/blob/main/packages/vue/src/composables.ts`
docs: update to new website (#23743) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Daniel Roe <daniel@roe.dev> 2023-10-18 10:59:43 +00:00			`size: xs`
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00			`---`

docs: improve head section (#19673) 2023-03-14 14:24:41 +00:00			The `useHeadSafe` composable is a wrapper around the [`useHead`](/docs/api/composables/use-head) composable that restricts the input to only allow safe values.
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00
docs: improve head section (#19673) 2023-03-14 14:24:41 +00:00			`## Usage`

docs: add more internal links (#22013) 2023-07-07 16:24:09 +00:00			You can pass all the same values as [`useHead`](/docs/api/composables/use-head)
docs: re-enable docs linting and update docs (#20084) 2023-04-04 13:23:13 +00:00
docs: improve head section (#19673) 2023-03-14 14:24:41 +00:00			```ts
			`useHeadSafe({`
			`script: [`
			`{ id: 'xss-script', innerHTML: 'alert("xss")' }`
			`],`
			`meta: [`
			`{ 'http-equiv': 'refresh', content: '0;javascript:alert(1)' }`
			`]`
			`})`
			`// Will safely generate`
			`// <script id="xss-script"></script>`
			`// <meta content="0;javascript:alert(1)">`
			```

docs: update to new website (#23743) Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Daniel Roe <daniel@roe.dev> 2023-10-18 10:59:43 +00:00			`::read-more{to="https://unhead.unjs.io/usage/composables/use-head-safe" target="_blank"}`
			Read more on `unhead` documentation.
			`::`
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00
			`## Type`

			```ts
			`useHeadSafe(input: MaybeComputedRef<HeadSafe>): void`
			```

docs: improve wording (#30106) 2024-12-01 15:30:35 +00:00			`The list of allowed values is:`
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00
			```ts
chore: unhead 2.0.0-alpha.13 2025-02-14 07:04:03 +00:00			`const WhitelistAttributes = {`
			`htmlAttrs: ['class', 'style', 'lang', 'dir'],`
			`bodyAttrs: ['class', 'style'],`
			`meta: ['name', 'property', 'charset', 'content', 'media'],`
			`noscript: ['textContent'],`
			`style: ['media', 'textContent', 'nonce', 'title', 'blocking'],`
			`script: ['type', 'textContent', 'nonce', 'blocking'],`
			`link: ['color', 'crossorigin', 'fetchpriority', 'href', 'hreflang', 'imagesrcset', 'imagesizes', 'integrity', 'media', 'referrerpolicy', 'rel', 'sizes', 'type'],`
feat(nuxt): add `useHeadSafe` and remove layer around head imports (#19548) 2023-03-10 08:01:21 +00:00			`}`
			```

chore: unhead 2.0.0-alpha.13 2025-02-14 07:04:03 +00:00			`See [SafeInputPlugin](https://github.com/unjs/unhead/blob/main/packages/unhead/src/plugins/safe.ts) for more detailed types.`