mirrors/vue-meta
2
0
Fork 0
mirror of https://github.com/tenrok/vue-meta.git synced 2026-06-24 07:52:09 +03:00
Code Activity

Add __dangerouslyDisableSanitizersByTagID property

Browse Source 
Specify which property for which tagIDKeyName should not be sanitized
This commit is contained in:
pimlie
2017-11-24 15:10:12 +01:00
parent 5acf4cbe45
commit 41907ed652
4 changed files with 87 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+22
View File
@@ -68,6 +68,7 @@
- [`script` ([Object])](#script-object)
- [`noscript` ([Object])](#noscript-object)
- [`__dangerouslyDisableSanitizers` ([String])](#__dangerouslydisablesanitizers-string)
- [`__dangerouslyDisableSanitizersByTagID` ({[String]})](#__dangerouslydisablesanitizersbytagid-string)
- [`changed` (Function)](#changed-function)
- [How `metaInfo` is Resolved](#how-metainfo-is-resolved)
- [Lists of Tags](#lists-of-tags)
@@ -563,6 +564,27 @@ By default, `vue-meta` sanitizes HTML entities in _every_ property. You can disa
:warning: **Using this option is not recommended unless you know exactly what you are doing.** By disabling sanitization, you are opening potential vectors for attacks such as SQL injection & Cross-Site Scripting (XSS). Be very careful to not compromise your application.
#### `__dangerouslyDisableSanitizersByTagID` ({[String]})
Provides same functionality as `__dangerouslyDisableSanitizers` but you can specify which property for which `tagIDKeyName`'s sanitization should be disabled. It expects an object with the vmid's as key and an array with property names value:
```js
{
metaInfo: {
title: '<I will be sanitized>',
meta: [{ vmid: 'description', name: 'still-&-sanitized', content: '& I will not be <sanitized>'}],
__dangerouslyDisableSanitizersByTagID: { description: ['content'] }
}
}
```
```html
<title>&lt;I will be sanitized&gt;</title>
<meta vmid="description" name="still-&amp;-sanitized" content="& I will not be <sanitized>">
```
:warning: **Using this option is not recommended unless you know exactly what you are doing.** By disabling sanitization, you are opening potential vectors for attacks such as SQL injection & Cross-Site Scripting (XSS). Be very careful to not compromise your application.
#### `changed` (Function)
Will be called when the client `metaInfo` updates/changes. Receives the following parameters: