Zengtudor/Nuxt
1
0
Fork 0
mirror of https://github.com/nuxt/nuxt.git synced 2024-11-11 16:43:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
26dc7473d1
Nuxt/docs/3.api/2.composables/use-head-safe.md
Sébastien Chopin f26a801775
docs: update to new website (#23743) 
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Daniel Roe <daniel@roe.dev>
2023-10-18 12:59:43 +02:00

1.5 KiB
Raw Blame History

title description links
useHeadSafe The recommended way to provide head data with user input.
label icon to size
Source i-simple-icons-github https://github.com/unjs/unhead/blob/main/packages/unhead/src/composables/useHeadSafe.ts xs

The useHeadSafe composable is a wrapper around the useHead composable that restricts the input to only allow safe values.

Usage

You can pass all the same values as useHead

useHeadSafe({
  script: [
    { id: 'xss-script', innerHTML: 'alert("xss")' }
  ],
  meta: [
    { 'http-equiv': 'refresh', content: '0;javascript:alert(1)' }
  ]
})
// Will safely generate
// <script id="xss-script"></script>
// <meta content="0;javascript:alert(1)">

::read-more{to="https://unhead.unjs.io/usage/composables/use-head-safe" target="_blank"} Read more on unhead documentation. ::

Type

useHeadSafe(input: MaybeComputedRef<HeadSafe>): void

The whitelist of safe values is:

export default {
  htmlAttrs: ['id', 'class', 'lang', 'dir'],
  bodyAttrs: ['id', 'class'],
  meta: ['id', 'name', 'property', 'charset', 'content'],
  noscript: ['id', 'textContent'],
  script: ['id', 'type', 'textContent'],
  link: ['id', 'color', 'crossorigin', 'fetchpriority', 'href', 'hreflang', 'imagesrcset', 'imagesizes', 'integrity', 'media', 'referrerpolicy', 'rel', 'sizes', 'type'],
}

See @unhead/schema for more detailed types.