# svelte/no-at-html-tags

disallow use of {@html} to prevent XSS attack

  • ⚙️ This rule is included in "plugin:svelte/recommended".

# 📖 Rule Details

This rule reports all uses of {@html} in order to reduce the risk of injecting potentially unsafe / unescaped html into the browser leading to Cross-Site Scripting (XSS) attacks.

<script>
  /* eslint svelte/no-at-html-tags: "error" */
</script>

<!-- ✓ GOOD -->
{foo}

<!-- ✗ BAD -->
`{@html}` can lead to XSS attack. (svelte/no-at-html-tags)
{@html foo}

# 🔧 Options

Nothing.

# 🔇 When Not To Use It

If you are certain the content passed to {@html} is sanitized HTML you can disable this rule.

# 📚 Further Reading

# 🚀 Version

This rule was introduced in eslint-plugin-svelte v0.0.1

# 🔍 Implementation