Complete the code to bind user input safely in Vue template.
<template>
<div>{{ [1] }}</div>
</template>Using double curly braces {{ }} in Vue automatically escapes HTML to prevent XSS.
Complete the code to bind raw HTML safely using Vue directive.
<template> <div [1]="userHtml"></div> </template>
The v-html directive binds raw HTML content but should be used carefully to avoid XSS.
Fix the error in the template to prevent XSS by escaping user input.
<template> <p v-html="[1]"></p> </template>
Using v-html with double curly braces is incorrect. To prevent XSS, use {{ }} alone or sanitize HTML before using v-html.
Fill both blanks to create a computed property that sanitizes HTML before binding.
<script setup> import { computed } from 'vue' import sanitizeHtml from 'sanitize-html' const rawHtml = '<script>alert(1)</script><p>Hello</p>' const safeHtml = computed(() => [1](rawHtml)) </script> <template> <div v-html="[2]"></div> </template>
Use the sanitizeHtml function to clean raw HTML, then bind the sanitized content with v-html using the computed property safeHtml.
Fill all three blanks to create a safe user comment display with sanitization and reactive input.
<script setup> import { ref, computed } from 'vue' import sanitizeHtml from 'sanitize-html' const userComment = ref('') const safeComment = computed(() => [1]([2])) function updateComment(event) { [3] = event.target.value } </script> <template> <textarea @input="updateComment" aria-label="User comment input"></textarea> <div v-html="safeComment" aria-live="polite"></div> </template>
Sanitize the reactive userComment.value using sanitizeHtml. Update the reactive value inside updateComment function to keep input and display safe.