From 3bf3f42dc73ade9d671ca7c7983e848d549b26d2 Mon Sep 17 00:00:00 2001 From: Claudiu Date: Sat, 5 Apr 2025 18:56:59 +0300 Subject: [PATCH] Update security.md Change sanitize-url suggested package --- src/guide/best-practices/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/guide/best-practices/security.md b/src/guide/best-practices/security.md index 7bc62b0dee..329232d8e8 100644 --- a/src/guide/best-practices/security.md +++ b/src/guide/best-practices/security.md @@ -110,7 +110,7 @@ In a URL like this: ``` -There's a potential security issue if the URL has not been "sanitized" to prevent JavaScript execution using `javascript:`. There are libraries such as [sanitize-url](https://www.npmjs.com/package/@braintree/sanitize-url) to help with this, but note: if you're ever doing URL sanitization on the frontend, you already have a security issue. **User-provided URLs should always be sanitized by your backend before even being saved to a database.** Then the problem is avoided for _every_ client connecting to your API, including native mobile apps. Also note that even with sanitized URLs, Vue cannot help you guarantee that they lead to safe destinations. +There's a potential security issue if the URL has not been "sanitized" to prevent JavaScript execution using `javascript:`. There are libraries such as [sanitize-url](https://www.npmjs.com/package/@sofuxro/sanitize-url) to help with this, but note: if you're ever doing URL sanitization on the frontend, you already have a security issue. **User-provided URLs should always be sanitized by your backend before even being saved to a database.** Then the problem is avoided for _every_ client connecting to your API, including native mobile apps. Also note that even with sanitized URLs, Vue cannot help you guarantee that they lead to safe destinations. ### Style Injection {#style-injection}
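Review bot: the only change in this hunk is the npm scope of the recommended package, from `@braintree/sanitize-url` to `@sofuxro/sanitize-url`, and neither the commit message ("Change sanitize-url suggested package") nor the diff gives a reason for the swap. A recommendation in the official security guide steers readers toward a specific dependency, so replacing the currently linked package with one under a different, unfamiliar scope is a supply-chain decision that needs justification in the PR: who maintains the new package, whether it is a fork of the original, and what it offers that the existing one does not. The visible link text is still just "sanitize-url", so a reader cannot tell the publisher changed; if the switch is kept, spell out the scoped name in the link text (e.g. `[@sofuxro/sanitize-url](https://www.npmjs.com/package/@sofuxro/sanitize-url)`) so the recommendation is unambiguous. Until that rationale is in the commit message or PR description, I would not merge a change that silently redirects the guide's dependency recommendation.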