Gathering detailed insights and metrics for vue-safe-html
Gathering detailed insights and metrics for vue-safe-html
A Vue directive which renders sanitised HTML dynamically
Installations
npm install vue-safe-htmlDeveloper Guide
BETA
Typescript
No
Module System
ESM
Node Version
18.17.1
NPM Version
9.6.7
Releases
4
Languages
1
JavaScript
JavaScript (100%)
Developer
ecosia
Download Statistics
Total Downloads
1,119,895
Last Day
18
Last Week
4,259
Last Month
23,541
Last Year
300,837
GitHub Statistics
NOASSERTION License
32 Stars
224 Commits
5 Forks
12 Watchers
6 Branches
13 Contributors
Updated on Jun 29, 2025
Bundle Size
1.48 kB
Minified
770.00 B
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
3.0.1
Package Id
vue-safe-html@3.0.1
Unpacked Size
20.08 kB
Size
7.59 kB
File Count
7
NPM Version
9.6.7
Node Version
18.17.1
Published on
Oct 18, 2023
Total Downloads
Cumulative downloads
Total Downloads
1,119,895
Last Day
80%
18
Compared to previous day
Last Week
-6.8%
4,259
Compared to previous week
Last Month
-2.2%
23,541
Compared to previous month
Last Year
-44.3%
300,837
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
vue-safe-html
A Vue directive which renders sanitised HTML dynamically. Zero dependencies, compatible with Vue versions 3 and 2, TypeScript-ready.
Note: This library is not XSS-safe, but only strips tags programmatically.
Installation
Install package:
1npm install vue-safe-html 2# OR 3yarn add vue-safe-html
Use the plugin:
1import Vue from 'vue'; 2import VueSafeHTML from 'vue-safe-html'; 3 4Vue.use(VueSafeHTML);
Usage
In your component:
1<template> 2 <div v-safe-html="myUnsafeHTML"> 3</template>
1export default { 2 computed: { 3 myUnsafeHTML() { 4 return '<script>oh my!</script> I am safe!'; 5 } 6 } 7}
Renders to:
1<div>I am safe!</div>
Options
allowedTags
Array of strings. Default: ['a', 'b', 'br', 'strong', 'i', 'em', 'mark', 'small', 'del', 'ins', 'sub', 'sup'].
Customize the tags that are allowed to be rendered, either by providing new ones:
1Vue.use(VueSafeHTML, { 2 allowedTags: ['marquee', 'blockquote'], 3});
Or extending the default ones:
1import VueSafeHTML, { allowedTags } from 'vue-safe-html'; 2 3Vue.use(VueSafeHTML, { 4 allowedTags: [...allowedTags, 'marquee', 'blockquote'], 5});
If no tags are passed, all tags are stripped:
1import VueSafeHTML from 'vue-safe-html'; 2 3Vue.use(VueSafeHTML, { 4 allowedTags: [], 5});
It is also possible to provide custom allowed tags directly to the directive tag, using directive modifiers. This allows local override of the option:
1<template> 2 <!-- only allow p and strong tags --> 3 <div v-safe-html.p.strong="myUnsafeHTML"> 4</template>
allowedAttributes
Array of strings. Default: []
Customize the tag attributes that are allowed to be rendered:
1Vue.use(VueSafeHTML, { 2 allowedTags: ['a'], 3 allowedAttributes: ['title', 'class', 'href'], 4}); 5 6### Nuxt 7 8`vue-safe-html` is written as a Vue plugin so you can easily use it inside Nuxt by following [the Nuxt documentation](https://nuxtjs.org/docs/2.x/directory-structure/plugins#vue-plugins). 9 10## License 11 12[Do No Harm](./LICENSE)
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 8/10 approved changesets -- score normalized to 8
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/ecosia/vue-safe-html/main.yml/main?enable=pin
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 28 are checked with a SAST tool
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3.6
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More