# svelte/no-at-html-tags
disallow use of
{@html}
to prevent XSS attack
- ⚙️ This rule is included in
"plugin:svelte/recommended"
.
# 📖 Rule Details
This rule reports all uses of {@html}
in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.
<script>
/* eslint svelte/no-at-html-tags: "error" */
</script>
<!-- ✓ GOOD -->
{foo}
<!-- ✗ BAD -->
`{@html}` can lead to XSS attack. (svelte/no-at-html-tags){@html foo}
# 🔧 Options
Nothing.
# 🔇 When Not To Use It
If you are certain the content passed to {@html}
is sanitized HTML you can disable this rule.
# 📚 Further Reading
# 🚀 Version
This rule was introduced in eslint-plugin-svelte v0.0.1